LNCS 3274 






Distributed 

Computing 

18th International Conference, DISC 2004 
Amsterdam, The Netherlands, October 2004 
Proceedings 



Springer 




Lecture Notes in Computer Science 

Commenced Publication in 1973 
Founding and Former Series Editors: 

Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen 

Editorial Board 

David Hutchison 

Lancaster University, UK 
Takeo Kanade 

Carnegie Mellon University, Pittsburgh, PA, USA 
Josef Kittler 

University of Surrey, Guildford, UK 
Jon M. Kleinberg 

Cornell University, Ithaca, NY, USA 
Friedemann Mattern 

ETH Zurich, Switzerland 
John C. Mitchell 

Stanford University, CA, USA 
Moni Naor 

Weizmann Institute of Science, Rehovot, Israel 
Oscar Nierstrasz 

University of Bern, Switzerland 
C. Pandu Rangan 

Indian Institute of Technology, Madras, India 
Bernhard Steffen 

University of Dortmund, Germany 
Madhu Sudan 

Massachusetts Institute of Technology, MA, USA 
Demetri Terzopoulos 

New York University, NY, USA 
Doug Tygar 

University of California, Berkeley, CA, USA 
Moshe Y. Vardi 

Rice University, Houston, IX, USA 
Gerhard Weikum 

Max-Planck Institute of Computer Science, Saarbruecken, Germany 



3274 




Rachid Guerraoui (Ed.) 



Distributed 

Computing 



18th International Conference, DISC 2004 
Amsterdam, The Netherlands, October 4-7, 2004 
Proceedings 



4^ Springer 




Volume Editor 



Rachid Guerraoui 
EPFL, I&C - LPD, Bat. IN 
1015 Lausanne, Switzerland 
E-mail: rachid. guerraoui@epfl.ch 



Library of Congress Control Number: 2004112514 



CR Subject Classification (1998): C.2.4, C.2.2, F.2.2, D.1.3, F.1.1, D.4.4-5 
ISSN 0302-9743 

ISBN 3-540-23306-7 Springer Berlin Heidelberg New York 



This work is subject to copyright. All rights are reserved, whether the whole or part of the material is 
concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, 
reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication 
or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, 
in its current version, and permission for use must always be obtained from Springer. Violations are liable 
to prosecution under the German Copyright Law. 

Springer is a part of Springer Science+Business Media 

springeronline.com 

© Springer-Verlag Berlin Heidelberg 2004 
Printed in Germany 

Typesetting: Camera-ready by author, data conversion by Olgun Computergrafik 
Printed on acid-free paper SPIN: 1 1328841 06/3142 5 4 3 2 1 0 




Preface 



DISC, the International Symposium on Distributed Computing, is an annual 
conference for the presentation of research on the theory, design, analysis, im- 
plementation, and application of distributed systems and network. DISC 2004 
was held on October 4-7, 2004, in Amsterdam, The Netherlands. 

There were 142 papers submitted to DISC this year. These were read and 
evaluated by the program committee members, assisted by external reviewers. 
The quality of submissions was high and we were unable to accept many deserv- 
ing papers. Thirty one papers were selected at the program committee meeting 
in Lausanne to be included in these proceedings. The proceedings include an 
extended abstract of the invited talk by Ueli Maurer. In addition, they include 
a eulogy for Peter Ruzicka by Shmuel Zaks. 

The Best Student Paper Award was split and given to two papers: the paper 
“Efficient Adaptive Collect Using Randomization”, co-authored by Hagit Attiya, 
Fabian Kuhn, Mirjam Wattenhofer and Roger Wattenhofer, and the paper “Cou- 
pling and Self-stabilization”, co-authored by Laurent Fribourg, Stephane Messika 
and Claudine Picaronny. 

The support of the CWI and EPFL is gratefully acknowledged. The review 
process and the preparation of this volume were done using CyberChairPRO. 
I also thank Sebastien Baehni and Sidath Handurukande for their crucial help 
with these matters. 



August 2004 



Rachid Guerraoui 




Peter Ruzicka 1947-2003 




Peter died on Sunday, October 5, 2003, at the age of 56, after a short disease. 
He was a Professor of Informatics at the Faculty of Mathematics, Physics and 
Informatics in Comenius University, Bratislava, Slovakia. Those of us who knew 
him through DISC and other occasions mourn his death and cherish his memory. 
These words are written in Peter’s honor, as a farewell to a true colleague of our 
community. Peter’s death came as a shock to everyone who knew him. His tragic 
death is an immense loss to his wife Marta and his daughter Kristina. I hope 
these words bring some comfort to them. 

Peter worked in several research areas of theoretical computer science through- 
out his long career. His earlier works cover topics that include formal languages, 
unification, graph pebbling and others. Most of his research works since the early 
1990s were in the areas of communication networks and distributed computing, 
and these works connected Peter to our community. These works include studies 
of complexity issues for various problems and models of interval routing, and for 
various problems and topics in distributed computing (like oriented and unori- 
ented networks) and in interconnection networks. Peter was a true hard worker, 
always choosing difficult and challenging problems. His works always use deep 
and interesting mathematical tools, and are always presented very clearly and 
precisely. Peter was very persistent in setting up his research goals and follow- 
ing them. His papers contain many original ideas, and cover all relevant aspects 
comprehensively. Peter did some of these works together with Stefan Dobrev and 
Rastislav Kralovic, whom he devotedly supervised as his Ph.D. students in this 
research area, and he did joint works with many other colleagues. 

Peter was a regular participant in many conferences in this area, includ- 
ing DISC and SIROCCO; he was on the program committees of DISC 1998 
and 2000 and SIROCCO 1999. He participated and was very actively involved 
in other conferences, including ICALP, SOFSEM and MFCS. These activities 
included co-chairing MFCS 1994, chairing MFCS 1997 and chairing SOFSEM 
2001, and being on the program committees of MFCS 2000 and SOFSEM 1997. 
In 1998, when I was the chair of DISC, I approached Peter, suggesting that he 
organize DISC in Bratislava, thus bringing DISC, for its first time, to an East- 
European country. Peter accepted this challenge enthusiastically, and with no 
hesitation whatsoever. Together with his local team, he then devoted the fol- 





VIII Peter Ruzicka 1947-2003 



lowing year to the organization of DISC 1999 in Bratislava. I was in touch with 
Peter throughout that year and noticed his conscientious efforts to ensure that 
the conference would be successful. Indeed, this conference proved to be a great 
success, and Peter and his team were consequently highly appreciated by the 
Steering Committee and the whole audience. 

I knew that Peter was sick, and I contacted him by email before I left home 
to attend DISC 2003 in Sorrento, at the end of September. When I returned 
home, a message waited for me, in which his wife Marta informed me about his 
death. It turned out that on the same days that we all met in Sorrento, Peter 
was fighting for his life. He died on Sunday, October 5, 2003, when we all made 
our way back home from the conference. I learnt from his wife that to the very 
end Peter proved very strong and was full of hope. 

Personally, I found Peter an excellent colleague. I spent a few weeks with 
Peter, during our common visits to each other’s place. The time I spent with 
him was of the highest value to me. He was always open to discussions of new 
ideas, very skillful as a researcher, very friendly, and very patient and gentle. 
I will always cherish Peter and Marta’s warm hospitality during my visits to 
Bratislava. 

We will all miss a very precious member of our community. I will miss a dear 
colleague and friend. 



Prof. Shmuel Zaks 
Department of Computer Science 
Technion, Israel 




Organization 



DISC, the International Symposium on Distributed Computing, is an annual 
forum for research presentations on all facets of distributed computing. The 
symposium was called the International Workshop on Distributed Algorithms 
(WDAG) from 1985 to 1997. DISC 2004 was organized in cooperation with the 
European Association for Theoretical Computer Science (EATCS). 




Conference Chairs Jaap-Henk Hoepman, University of Nijmegen 

Paul Vitanyi, CWI and University of Amsterdam 
Program Chair Rachid Guerraoui, EPFL 

Organizing Committee Wilmy van Ojik, CWI 



Program Committee 




Mustaque Ahamad 


Georgia Tech 


Lorenzo Alvisi 


UT Austin 


James Anderson 


University of North Carolina at Chapel Hill 


Paul Attie 


Northeastern University 


Ozalp Babaoglu 


University of Bologna 


Carole Delporte 


University of Paris VII 


Shlomi Dolev 


Ben-Gurion University 


Pierre Fraigniaud 


CNRS 


Felix Gaertner 


University of Aachen 


Maurice Herlihy 


Brown University 


Nancy Lynch 


MIT 


Michael Merritt 


AT&T 


Achour Mostefaoui 


IRISA 


Mike Reiter 


CMU 


Robert van Renessee 


Cornell University 


Luis Rodrigues 


University of Lisbon 


Paul Spirakis 


University of Patras 


Philippas Tsigas 


Chalmers University 


Paul Vitanyi 


CWI and University of Amsterdam 


Roman Vitenberg 


UCSB 




X 



Organization 



Referees 

Maha Abdallah 
Ittai Abraham 
Uri Abraham 
Adnan Agbaria 
Divyakant Agrawal 
Marcos Aguilera 
Amitanand S. Aiyer 
Emmanuelle Anceaume 
Krzysztof Apt 
Luciana Arantes 
Filipe Araujo 
James Aspnes 
Hagit Attiya 
Yossi Azar 
R. Badrinath 
Sebastien Baehni 
Mahesh Balakrishnan 
Roberto Baldoni 
Amos Beimel 
Zinaida Benenson 
Mark Bickford 
Costas Busch 
Gregory Chockler 
Allen Clement 
Sylvie Delaet 
Yefim Dinitz 
Frederick Ducatelle 
Partha Dutta 
Rui Fan 

Panagiota Fatourou 
Hugues Fauconnier 
Dimitris Fotakis 
Roy Friedman 
Charles Fry 
Juan A. Garay 
Anders Gidenstam 
Garth Goodson 
Eric Goubault 
Maria Gradinariu 
Abishek Gutta 
Phuong Ha 
Martin Haenggi 
David Hales 
Sidath Handurukande 



Mor Harchol-Balter 
Yinnon Haviv 
Jean-Michel Helary 
Ted Herman 
Phuong Hoai Ha 
Michel Hurfin 
Amos Israeli 
Michael A. Jaeger 
Mark Jelasity 
Colette Johnen 
Alon Kama 
Ronen I. Kat 
Idit Keidar 

Anne-Marie Kermarrec 
Alex Kesselman 
Roger Khazan 
Boris Koldehofe 
Lei Kong 

Spyros Kontogiannis 
Petr Kouznetsov 
Danny Krizanc 
Limor Lahiani 
Kofi Laing 
Subramanian 
Lakshmanan 
Gerard Le Lann 
Ron Levy 
Feng Li 

Xiaozhou (Steve) Li 
Zvi Lotker 
Dahlia Malkhi 
Deepak Manohar 
Jean-Philippe Martin 
Marios Mavronicolas 
Maged Michael 
Martin Mink 
Hugo Miranda 
Mark Moir 
Alberto Montresor 
Gero Miihl 
Jeff Napper 
Priya Narasimhan 
Tina Nolte 
Michael Okun 



Rui Oliveira 
Florin Oprea 
Vicky Papadopoulou 
Marina Papatriantafilou 
Simon Patarin 
Lucia Draque Penso 
Sara Tucci Piergiovanni 
Lexi Pimenidis 
Stefan Pleisch 
Bastian Pochon 
Michel Raynal 
Robert van Renessee 
Matthieu Roy 
Eric Ruppert 
Asad Samar 
Christian Scheideler 
Elad Schiller 
Pierre Sens 
Noam Singer 
Jesper Spring 
Maarten van Steen 
Frank Stomp 
Gideon Stupp 
Hakan Sundell 
Mikkel Thorup 
Sebastien Tixeuil 
Peter Triantafillou 
Nir Tzachar 
Sankarapandian 
V ij ay ar aghavan 
Jean-Marc Vincent 
Antonino Virgillito 
Ramesh Viswanath 
Hagen Volzer 
Jaksa Vuckovic 
Marko Vukolic 
Jay J. Wylie 
Reuven Yagel 
Praveen Yalagandula 
Christos Zaroliagis 
Zhiyuan Zhan 
Yi Zhang 
Lantian Zheng 




Table of Contents 



The Synchronous Condition-Based Consensus Hierarchy 1 

Achour Mostefaoui, Sergio Rajsbaum, and Michel Raynal 

Synchronous Condition-Based Consensus Adapting 

to Input- Vector Legality 16 

Taisuke Izumi and Toshimitsu Masuzawa 

Group-Solvability 30 

Eli Gafni 

The Notion of Veto Number and the Respective Power of OV and OS 

to Solve One-Shot Agreement Problems 41 

Roy Friedman, Achour Mostefaoui, and Michel Raynal 

The Black- White Bakery Algorithm and Related Bounded-Space, 

Adaptive, Local-Spinning and FIFO Algorithms 56 

Gadi Taubenfeld 

Local-Spin Group Mutual Exclusion Algorithms 71 

Robert Danek and Vassos Hadzilacos 

On Quorum Systems for Group Resources with Bounded Capacity 86 

Yuh-Jzer Joung 

Bounded Version Vectors 102 

Jose Bacelar Almeida, Paulo Sergio Almeida, and Carlos Baquero 

An Optimistic Approach to Lock-Free FIFO Queues 117 

Edya Ladan-Mozes and Nir Shavit 

A Single-Enqueuer Wait-Free Queue Implementation 132 

Matei David 

Practical Lock-Free and Wait-Free LL/SC/ VL Implementations 

Using 64-Bit CAS . . 144 

Maged M. Michael 

Efficient Adaptive Collect Using Randomization 159 

Hagit Attiya, Fabian Kuhn, Mirjam Wattenhofer, 
and Roger Wattenhofer 

Nonblocking Concurrent Data Structures with Condition Synchronization . 174 
William N. Scherer III and Michael L. Scott 




XII 



Table of Contents 



Dynamic Memory ABP Work-Stealing 188 

Danny Hendler, Yossi Lev, and Nir Shavit 

Coupling and Self-stabilization 201 

Laurent Fribourg, Stephane Messika, and Claudine Picaronny 

Optimal Randomized Self-stabilizing Mutual Exclusion 

on Synchronous Rings 216 

Philippe Duchon, Nicolas Hanusse, and Sebastien Tixeuil 

Virtual Mobile Nodes for Mobile Ad Hoc Networks 230 

Shlomi Dolev, Seth Gilbert, Nancy A. Lynch, Elad Schiller, 

Alex A. Shvartsman, and Jennifer L. Welch 

Contention-Free MAC Protocols for Wireless Sensor Networks 245 

Costas Busch, Malik Magdon-Ismail, Fikret Sivrikaya, and Biilent Yener 

Relationships Between Broadcast and Shared Memory 

in Reliable Anonymous Distributed Systems 260 

James Aspnes, Faith Fich, and Eric Ruppert 

A Local Algorithm for Ad Hoc Majority Voting via Charge Fusion 275 

Yitzhak Birk, Liran Liss, Assaf Schuster, and Ran Wolff 

Message-Optimal and Latency-Optimal Termination Detection Algorithms 

for Arbitrary Topologies 290 

Neeraj Mittal, Subbarayan Venkatesan, and Sat.hya Peri 

Routing with Improved Communication-Space Trade-Off 305 

It.t.ai Abraham, Cyril Gavoille, and Dahlia Malkhi 

Active and Concurrent Topology Maintenance 320 

Xiaozhou Li, Jayadev Misra, and C. Greg Plaxton 

Distributed Weighted Matching 335 

Mirjam Wattenhofer and Roger Wattenhofer 

Exploiting Content Localities for Efficient Search in P2P Systems 349 

Lei Guo, Song Jiang, Li Xiao, and Xiaodong Zhang 

Compact Routing Schemes for Bounded Tree-Length Graphs 

and for /c-Chordal Graphs 365 

Yon Dourisboure 

Towards a Theory of Consistency Primitives 379 

Ueli Maurer 

Fault-Tolerant Storage in a Dynamic Environment 390 

Uri Nadav and Moni Naor 




Table of Contents XIII 



Non-skipping Timestamps for Byzantine Data Storage Systems 405 

Rida A. Bazzi and Yin Ding 

Efficient Verification for Provably Secure Storage 

and Secret Sharing in Systems Where Half the Servers Are Faulty 420 

Rida A. Bazzi and Goran Konjevod 

Optimal Dispersal of Certificate Chains 435 

Eunjin Jung, Ehab S. Elmallah, and Mohamed G. Gouda 

On Byzantine Agreement over (2, 3)-Uniform Hypergraphs 450 

D. V.S. Ravikant, V. Muthuramakrishnan, V. Srikanth, K. Srinathan, 
and C. Pandu Rangan 

Author Index 465 




The Synchronous 

Condition-Based Consensus Hierarchy* 



Achour Mostefaoui 1 , Sergio Rajsbaum 2 , and Michel Raynal 1 



1 IRISA, Campus de Beaulieu, 35042 Rennes Cedex, France 
{achour ,raynal}@irisa. fr 

2 Instituto de Matematicas, UNAM, D.F. 04510, Mexico 

raj sbaumOmath . unam . mx 



Abstract. In the context of a system made up of n processes where 
at most t can crash, the condition-based approach studies restrictions 
on the inputs of a distributed problem, called conditions, that make it 
solvable, or easier to solve (in case it is solvable without restricting its 
inputs). Previous work studied conditions for consensus and other agree- 
ment problems, mostly for asynchronous systems. This paper considers 
the condition-based approach for consensus in synchronous systems, and 
establishes a bridge between the asynchronous and synchronous models, 
with a hierarchy <S] - ^ C • • • C Sj° C • • • C S® where 5]*' includes all 
conditions (and in particular the trivial one made up of all possible input 
vectors). For a condition C € sj d \ —t<d<t, we have: 

— For values of d < 0 we have the hierarchy of conditions (we intro- 
duced in PODC’Ol) where consensus is solvable by more and more 
efficient protocols in an asynchronous system with t failures, as we 
go from d = 0 to d = —t. 

— For values of d > 0 consensus is not solvable in an asynchronous 
system with t failures, but it is solvable in a synchronous system 
with more and more rounds, as we go from d = 1 (two rounds) to 
d = t (t + 1 rounds). 

— d = 0 is the borderline case where consensus is solvable in an asyn- 
chronous system with t failures, and optimally in a synchronous sys- 
tem (we proved this in DISC’03). 

The two main results of this paper are proving the second item above. For 
the upper bound, the paper presents a generic synchronous early-deciding 
uniform consensus protocol. When instantiated with a condition C £ 

1 < d < t < n, the processes decide in at most min(a+ 1, / + 2, t+ 1) 
rounds, where / is the number of actual crashes, and a = d if the input 
vector belongs to C, or a = +oo otherwise. The paper establishes a 
corresponding lower bound stating that d + 1 rounds are necessary to get 
a decision when the input vector belong to C. 

Keywords: Condition, Consensus, Early deciding, Input Vector, Mes- 
sage passing, Process crash failure, Synchronous distributed system. 

* This work has been supported by a grant from LAFMI (Franco-Mexican Lab 
Computer Science). Proofs ommitted here for lack of space appear in [26]. 



R. Guerraoui (Ed.): DISC 2004, LNCS 3274, pp. 1—15, 2004. 
(c) Springer- Verlag Berlin Heidelberg 2004 




2 



Achour Mostefaoui, Sergio Rajsbaum, and Michel Raynal 



1 Introduction 

Context of the paper. The consensus problem is a central paradigm of fault- 
tolerant distributed computing informally stated as follows. Each process pro- 
poses a value, and each non-faulty process has to decide a value in such a way 
that a decided value is a proposed value and the non-faulty processes decide the 
same value. Uniform consensus is a stronger version of the problem where it is 
required that no two processes (correct or faulty) decide distinct values. 

This paper considers a synchronous distributed model with n processes. A 
process can be faulty only by crashing, and at most t (1 < t < n) processes 
can crash in a run. There are many papers with algorithms and lower bounds 
for consensus in this model (e.g., see [29] for a survey). It has been shown that 
both consensus and uniform consensus require t + 1 rounds in the worst case 
[11, 12, 20]. Let / be the number of processes that actually crash during a given 
run (0 < / < t). For early deciding consensus, it has been shown that consensus 
requires at least /+ 1 rounds [2,21,22], while early deciding uniform consensus 
requires at least min(/ + 2, t+ 1) rounds (/ < t — 1) [7, 19]. Protocols that meet 
those lower bounds have been designed, thereby showing that they are tight. 

In contrast to synchronous systems, consensus (hence, also uniform consen- 
sus) cannot be solved in asynchronous systems even if only a single crash failure 
is possible [13]. Several approaches have been proposed to circumvent this im- 
possibility result, such as probabilistic protocols (e.g., [4]), failure detectors and 
partially synchronous models (e.g., [6, 10, 17, 27]), stronger communication prim- 
itives (e.g., [16]) and weaker versions of consensus (e.g., [5,8]). More recently, 
the condition-based approach to circumvent the consensus impossibility result 
has been studied (e.g., [1, 14, 23, 25]). This approach restricts the possible inputs 
to a distributed problem to make it solvable, or to solve it more efficiently. For 
example, if we assume that “more than a majority of processes propose the same 
value” then consensus is solvable for t = 1 in an asynchronous system. A subset 
of inputs is called a condition and consists of a set of vectors; each entry of a 
vector contains the private input value of one process. 

Motivation. In a previous work [23] we identified the conditions for which con- 
sensus is solvable in an asynchronous distributed system with t failures, and 
called them t-legal. Roughly, C is x-legal if its associated graph G(C, x) satisfies 
the following condition. The graph contains as vertices the input vectors of C , 
and two vertices are connected with an edge iff their Hamming distance is at 
most x. Then, C is x-legal if for every connected component of G{C, x) there 
is a value v that appears more than x times in every one of its vertices. Thus, 
there are connections with coding theory [14]. 

Very recently, two papers [24,30] started investigating the condition-based 
approach in synchronous systems. In [24] we discovered that uniform consensus 
is solvable in two rounds with any t-legal condition. More precisely, we presented 
(1) a condition-based uniform consensus protocol that terminates in two rounds 
when the input vector belongs to the condition whatever the actual number of 
failures / (and in one round when additionally / = 0), and in t + 1 rounds 




The Synchronous Condition-Based Consensus Hierarchy 



3 



otherwise, and (2) a theorem showing that if uniform consensus is solvable for 
a condition C in two rounds when the input vector belongs to C, whatever the 
number / of crashes (/ <t < n), then C is (t— l)-legal. Thus, these results relate 
synchronous and asynchronous systems where t processes can crash: uniform 
consensus in an asynchronous system is solvable for a condition C if and only if 
it is solvable optimally in a synchronous system (optimally because any uniform 
consensus algorithm needs at least two rounds to decide [19]). 

Another bridge between synchrony and asynchrony was discovered in [30]. 
Considering a slightly weaker synchronous model (see Section 3.1) and assuming 
t < n/2, that paper presents a protocol that solves consensus in d + 2 rounds 
for any (t — d)-legal condition, for 0 < d < t, when the input belongs to the 
condition, and in t + 1 rounds when the input does not belong to the condition. 
These two papers thus leave open the general situation of 0 < d < t, both for 
designing condition-based early deciding protocols, and proving lower bounds on 
the number of rounds needed to solve condition-based synchronous consensus. 
The goal of this paper is to answer these questions as well as to explore further 
the relation between synchronous and asynchronous systems. 



Results. This paper introduces a full classification of conditions for consensus, 
establishing a continuum between the asynchronous and synchronous models, 
with the hierarchy 

sj _t] c • • • c S t [yI c s| y+1] c • • • c s\ 0] c • • • c sto c <sj x+1] C • • • C <s] t] . 



A condition C is in <S ( ^ , — t < d < t iff it is (f — d)-legal. This hierarchy exposes 
further relations with the asynchronous model: 



— For values of d < 0 consensus is solvable in an asynchronous system with 
t failures, and we get a hierarchy of conditions described in [25], where it 
is possible to solve asynchronous consensus with more and more efficient 
protocols as we go from d = 0 to d = — t (where it is solved optimally). 

— For values of d > 0 consensus is not solvable in an asynchronous system with 
t failures, but we get a hierarchy of conditions where consensus is solvable 
in a synchronous system with more and more rounds as we go from d = 1 
(which requires only two rounds) to d = t (which requires t + 1 rounds, but 
where any condition is possible). 

— d = 0 is the borderline case where consensus is solvable in an asynchronous 
system with t failures, and optimally in a synchronous system. We proved 
this in [24]. 

The two main results presented in this paper are proving the second item above. 
For the upper bound, the paper presents a generic synchronous early-deciding 
uniform consensus protocol. When instantiated with a condition C in sf ^ , 1 < 
d<t, the protocol 1 solves the problem in at most min(a+ 1, / + 2, t + 1) rounds, 
where a — d if the input vector belongs to C, or a = +oo otherwise. The 

For clarity, we leave out from this extended abstract the simple extension to d = 0. 



l 




4 



Achour Mostefaoui, Sergio Rajsbaum, and Michel Raynal 



second result is a lower bound for synchronous consensus conditions, namely, 
when d > 1, any consensus protocol based on a condition C G s\ d ^ has a run in 
which at least d + 1 rounds are necessary to get a decision. 

The design of a synchronous condition-based consensus protocol that keeps 
the early deciding property is not an easy challenge. An early-deciding protocol 
must somehow reconcile two potentially conflicting values: the value possibly de- 
cided from the condition and the value possibly decided from the early deciding 
mechanism. Handling this conflict without requiring additional rounds reveals 
to be far from being trivial. 

The investigation of relations between synchronous and asynchronous models 
is an important question (e.g., [15,18,22]). For our lower bound we use tech- 
niques from [19, 22]. Gafni’s relation (that an asynchronous system with at most 
k failures can implement the first \t/k\ rounds of a synchronous system with t 
failures) [15] does not seem to imply our results. In [18] it is identified a mathe- 
matical structure that can be used to model both synchronous and asynchronous 
systems, useful to prove fc-set agreement lower bounds. 

This paper is organized as follows. General background about the condition- 
based approach and consensus in asynchronous systems appear in Section 2. 
The synchronous model and corresponding condition-based definitions appear in 
Section 3. The condition-based synchronous protocols are described in Section 4. 
The lower bound is proved in Section 5. (Proofs appear in [26].) 



2 The Condition-Based Approach to Solve Consensus 

2.1 The Consensus Problem 

In the uniform consensus problem every process pt proposes a value v t and the 
processes have to decide on a value v, such that the following three properties 
are satisfied: 

— Termination: Every correct process eventually decides. 

— Validity: If a process decides v, then v was proposed by some process. 

— Uniform Agreement: No two (correct or not) processes decide 

different values. In the following V denotes the set of values that can be proposed 
by the processes, |V| > 2. 

2.2 The Condition-Based Approach in Asynchronous Systems 

An input vector is a size n vector, whose i-tli entry contains the value proposed 
by pi, or T if pi did not take any step in the execution, L f V. It will be 
convenient to assume that Va € V, T < a. We usually denote with / an input 
vector with all entries in V, and with J an input vector that may have some 
entries equal to _L; such a vector J is called a view. The set V" consists of all 
the possible input vectors with all entries in V, and V" denotes the set of all 




The Synchronous Condition-Based Consensus Hierarchy 



5 



possible input vectors with all entries in VU{1} and at most x entries equal to 
_L. 

For IeV, T x denotes the set of possible views J such that J is equal to / 
except for at most x entries that are equal to _L. A condition C is a subset of 
V”, i.e. , C C V". Given C, C x denotes the union of the l x s over all I € C, i.e., 
Cx — U / (_ ( ' Al' ■ 

For any pair of vectors J 1, J 2 G V”, J 1 is contained in J 2 (denoted J 1 < J 2) 
if Vfc : Jl[k] ^ _L => Jl[fc] = J2[k]. Finally, # a (J) denotes the number of 
occurrences of a value a in the vector J, with a G VU { _L}. Finally, dist(J , J') is 
the Hamming distance separating J and J' , where J and J' are two vectors of 
V”. We can now present the main definition of [14,23] as formulated in [30]: 

Definition 1. A condition C is a:-legal if there exists a mapping h : C i— > V 
with the following properties: 

- VI G C: #h(i)(I) > x, and 

- VII, 12 G C: h(1 1) ^ h(I2) => dist(Il,I2) > x. 

A main result of [23] is the following. 

Theorem 1. [23] A condition C allows to solve consensus in an asynchronous 
system prone to up to t process crashes if and only if it is t-legal. 

A general method to define t-legal conditions is described in [25] where two 
natural t-legal conditions are defined. By way of example, we present here one 
of them, Clt- Let max(I) denote the greatest value of I. Then 

(JGCl t ) = f # m ax(/)00 >t- 

It is easy to check that Cl* is t-legal with h(I) = ma x(7), and, when at least 
t + 1 entries of the input vector / are equal to its greatest entry, consensus can 
be solved despite up to t process crashes using h. Moreover, it is shown in [23] 
that Cl* is maximal. 

Definition 2. An x-legal condition C is maximal if any vector added to C makes 
it non x-legal. 

While legality has been useful to prove lower bound results, an equivalent 
formulation called acceptability in [23] is more convenient to design protocols. 
This formulation is in terms of a predicate P and a function S that are required 
to satisfy the following: 

- Property T c^p'- I & C => VJ G I x : P(J). 

- Property Vp^g: VJ G V”: 

P(J) => S(J)= a non-_L value of J (determ, chosen). 

- Property A p^s: VJ1, J2 G V": 

'p(Jl) A P(J2) A (J1 < J2) => S(J1) = S(J2). 




6 



Achour Mostefaoui, Sergio Rajsbaum, and Michel Raynal 



Assume up to x processes can crash in the system. Then every I £ V n is a 
possible input vector, and any J such that J < I and J £ V™ can be a view of 
it obtained by a process pi. Intuitively, the first property allows p t to test from 
its view if the input vector may belong to C. The second property is used to 
guarantee validity. The third property is used to guarantee agreement. 

Definition 3. A condition C is ^-acceptable if there exist a predicate P and a 
function S satisfying the properties T c^p, A and Vp^s- 

We have the following equivalence: 

Theorem 2. [23] A condition C is x-acceptable if and only if it is x -legal. 

It is shown in [23] that Cl* is f-acceptable with the following predicate P and 
function S: 

- P1(J) = #ma > t - #_l(J), and 

— <ST(J) =ma x(J). 



2.3 Hierarchy in Asynchronous Systems 

Let us define <sj^ to be the set of all (t — d)-legal conditions, for —t<d< 0. 
As stated in Theorem 1, consensus is solvable in an asynchronous system prone 
to up to t process crashes for C if and only if C € <sj°' . It is easy to check that 

s [ d -i] 

C «Sj^. Thus, if C is (t — d)-legal, for d < 0, then consensus is also solvable 
for C. It turns out [25] that in fact it is possible to solve asynchronous consensus 
with more and more efficient protocols as we go from d = 0 to d = — f, where it 
is solved optimally. In this sense we have the hierarchy 

C • • • C s| yl C <s]' y+1] C • • • C 5 t [0] . 

3 Hierarchy of Conditions for Synchronous Systems 

3.1 Computation Model 

The system model consists of a finite set of processes, II = { pi , ... ,p n }, that 
communicate by sending and receiving messages through channels. Every pair 
of processes pi and pj is connected by a channel denoted ( Pi,Pj )• The under- 
lying communication system is assumed to be failure-free: there is no creation, 
alteration, loss or duplication of message. An execution consists of a sequence of 
rounds. For the processes, the current round number appears as a global variable 
r that they can read, and whose progress is managed by the underlying system. 
A round is made up of three consecutive phases: (1) A send phase in which each 
process sends messages; (2) A receive phase in which each process receives all 
the messages that were sent to it in the round, (3) A computation phase in which 
each process processes the messages it received during that round. 




The Synchronous Condition-Based Consensus Hierarchy 



7 



A process is faulty during an execution if it prematurely stops its execution 
(crash). After it has crashed, a process does nothing. We assume that at most 
t processes can crash, while / denotes the actual number of faulty processes 
during a run, with 0 < / < f and 1 < t < n. 

In a send phase a process sends the same message to each process in a pre- 
determined order. We use this to obtain views of input vectors ordered by con- 
tainment. In contrast, some other synchronous models, like the one considered 
in [30], the adversary can choose any subset of the messages sent by a crashed 
process to be lost. To obtain an effect similar to the containment property, [30] 
assumes t < n/2. 

3.2 (t, d)synch- Acceptability 

This section shows that the acceptability notion that has been used in the past 
to study asynchronous systems is also suited to synchronous systems where up 
to t processes can crash (t < n). As we are interested in a hierarchy of classes 
of conditions, we introduce a parameter d (0 < d < t) related to the position of 
the class in the hierarchy. 

Definition 4. A condition C is (t, d) sync h~ acceptable if it is ( t — d)- acceptable. 

Thus, when we consider a synchronous system where up to t processes can 
crash, it is possible to associate a pair of parameters P and S with a ( t , d) syn ch- 
acceptable condition C such that 

- Property T c^p- J € C t -d => P(J)- 

- Property Vp^s: VJ € Vf_ d : P{J) => S(J)= a non- A value of J. 

- Property A^ s : VJ1, J2 G Vf_ d : 

P{J 1) A P(J2) A (J1 < J2) => S'(Jl) = S(J2). 



3.3 A Hierarchy of Classes of Conditions 

Let be the set of all the (t, d) sync h-a.cceptable conditions. The class of 
{tit) synch -acceptable conditions is the largest one and includes every condition, 
while the class of (f, 0) S j /rac ft,-acceptable conditions is the smallest one is equal to 
the class of f-acceptable conditions. 

Theorem 3. IfC is (t, d) sync h- acceptable then it is also (f, d+1) sync h- acceptable. 
Moreover, there exists at least one condition that is {t,d+l) sync h- acceptable but 
not (t,d) S y nc h -acceptable. 

That is, we have C • • • C C C • • • C s\^ . The proof of this 

result follows from the equivalent result for asynchronous systems in [23] , since 
by definition a (t, d) s^nc/j-acceptable condition is (t — d)-acceptable. It is proved 
there that Clt-d-i is (t, d + l) s?/nc /i-acceptable but not (f, d) synch-acceptable . 




Achour Mostefaoui, Sergio Rajsbaum, and Michel Raynal 



4 A Condition-Based Synchronous Protocol 

The aim of this section is to present a synchronous uniform consensus protocol 
that, when instantiated with a (f, d) sync h-SiCceptab\e condition c\ d \ allows the 
processes to decide in at most min(a + 1 ,/ + 2 ,t + 1 ), where a = d if the 
input vector I belong to c\ d \ and a = +oo otherwise. As already noticed, when 
I € C\ d] , decision occurs by round d + 1 whatever the number / < t of actual 
process crashes, and their occurrence pattern (i.e., even if there is a crash per 
round) . 

The protocol is presented in an incremental way. The first step enriches a 
flood set protocol to take into account (t, d) S j /rac ? l -acceptable conditions. It is not 
early-deciding: the processes decide in at most d+ 1 rounds when the input vector 
belongs to the condition, and in at most t- 1-1 rounds otherwise. Then, this basic 
protocol is in turn enriched to take into account the early deciding possibilities, 
providing a protocol where the processes decide by round min(a + 1, / + 2, t + 1). 

Notations. UP r denotes the set of processes that have not crashed by the end 
of round r. V[ denotes the value of V) after it has been updated by pi during 
round r (e.g., after line 111 in the protocol described in Figure 1). Similarly, w\ 
denotes the value of wy at the end of round r. 



4.1 Basic Protocol: Principles and Description 

A synchronous uniform consensus condition-based protocol that tolerates t 
crashes is described in Figure 1. It is assumed to be instantiated with the 
pair (P, S ) of parameters associated with a (f, d) sync h-acceptab\e condition C 
(1 < d < t). It terminates in at most d + 1 rounds when the input vector belongs 
to C, and in at most t+ 1 rounds otherwise. 

As previously indicated, this first protocol can be seen as the composition of 
two sub-protocols, the round number r (1 < r < t+ 1) acting as the composition 
glue. More precisely, we have the following. The first sub-protocol is the classical 
flood set uniform consensus protocol [3,21,29] which ensures the t + 1 lower 
bound when the input vector does not belong to C (the condition the protocol 
is instantiated with). The second sub-protocol addresses the condition part. It 
is based on the following principles. Let pi and pj be two processes in UP r . 

— At the beginning of a round (line 104), a process Pi sends to the other 
processes (in a predetermined order, namely, first to pi, then p 2 , etc.) the 
set newt of the new values it has learnt during the previous round. It also 
sends two other values: Wi that is its current knowledge on the value that 
should be decided from the condition, and a boolean flag toojrriuch-f, (see 
below) . 

— Then (line 105), pi decides the value Wi determined from the condition (if 
there is such a value). Let us observe that this can happen only from the 
second round. 




The Synchronous Condition-Based Consensus Hierarchy 



9 



— A process pi then enriches its current view V) of the input vector (lines 
109-112). This view is used to compute the value Wi determined from the 
condition (if any) or to deterministically extract from this view and decide 
a value (see the lines 120 and 124 when = _L). 

— The lines 113-122 constitute the core of the protocol as far as the condition 
approach is concerned. As we can see it is made up of two parts according 
to the current round number. 

• r = 1. If pi has got a view V., : of the input vector with at most ( t — d) 
crashes (line 114), it looks if V, : could be from an input vector I belonging 
to the condition C. If it is the case, pt computes the corresponding value 
Wi determined from the ( t — (i)-acceptable condition C. 

If pi has got a view V) of the input vector with more than (t — d) crashes 
(line 115), it sets the flag too_much_fi thereby indicating there are too 
many failures for it to test whether the view could be from an input 
vector of the condition. 

• r > 1. In that case, pt adopts the value that has to be decided from the 
condition (line 118), if it is possible ( v € Wi) and has not already been 
done ( Wi = _L). 

Then, if the predicate r = d + 1 A TOO_MUCH_Fi is satisfied, pi 
decides (line 119). If there is a value determined from the condition, pi 
decides it. Otherwise, pi decides a value deterministically chosen from 
its current view V). 

The predicate r = d + 1 A TOO -MU CH _F, states that at least one 
process has seen more than ( t — d) crashes during the first round. As 
we will see (Lemma 1), in that case two processes Pi,Pj £ UP d+1 have 
necessarily the same view at r = d + 1. Thus, the processes decide the 
same value that is either the value v determined from the condition (they 
have it in their wi local variables), or the same value deterministically 
extracted from the same view V) = Vj. 



Theorem 4. Let us assume that the input vector belongs to the condition. The 
protocol described in Figure 1 terminates in: (i) 2 rounds when no more than 
( t — d ) processes crash by the end of the first round , (ii) and at most d+1 rounds 
otherwise. 

The following lemma is a key lemma for establishing consensus agreement. 

Lemma 1. Let X\ be the number of processes that have crashed by the end of 
the first round. Either (i) V[ G for every pi £ UP r , or else (ii) x\ > 

t — (r — 1). Moreover, if x i > t — (r — 1) then V[ = Vf, for every Pi,Pj € UP r . 

Theorem 5. When instantiated with a condition C € <S]^, the protocol de- 
scribed in Figure 1 solves the uniform consensus problem. 




10 



Achour Mostefaoui, Sergio Rajsbaum, and Michel Raynal 



Function CB^ _Consensus(vi) 

(101) Vi <— [_L,. . . , _L] ; V5[t] <— v t ; newi <— {(vi,i)}; 

Wi < — _L; toojmuch.fi <— false; 

(102) when r = 1, 2, . . . , t + 1 do 

(103) begin_round 

(104) send ( newi,Wi,too_much_fi ) to p\, . . . ,p n in that order; 

(105) if ( Wi _L) then return ( Wi ) end_if; 

(106) let rec-frorm[j]= neuij set received from pj (if any), otherwise 0; 

(107) let Wi= the set of Wj values received; % Wi = {«} or {+} or{v, _L} % 

(108) let T OO.M U CH_F t = V-j toojnuch.fj (“oring” of the rec. values); 

(109) neu>i <— 0; 

(110) for_each j do for_each (x,k) € rec_frorm[j] do 

(111) if ( Vi[k\ = _L) then Vi[k\ <— x; newt <— newi U {(x, k)} end_if 

(112) end_do end_do; 

(113) case (r =1) then 

(114) case (jf±(Vi) <t — d) then if P{Vi) then Wi <— S(Vi) end_if 

(115) (#j-(Ri) > t — d) then tooxmuch.fi <— true 

(116) end_case 

(117) (r >1) then 

(118) if ( Wi = 1A (v £ Wi with v ^ _L)) then Wi < — v end_if; 

(119) if (r = d + 1 A TOO.MUCH.Fi) then 

(120) if ( Wi ^ _L) then return ( Wi ) else return (min (Vi)) end_if 

(121) end_if 

(122) end_case 

(123) end_round; 

(124) if ( Wi ^ _L) then return ( Wi ) else return (min(V))) end_if 



Fig. 1. A Synchronous Condition-Based Uniform Consensus Protocol (1 < d < t < n) 

4.2 Adding Early Decision to Condition: A Generic Protocol 

This section enriches the previous protocol to get a protocol that decides in 
min (a + 1,/ + 2,t + 1), where a = d if the input vector I belong to c\ d \ and 
a = +oo otherwise. As already noticed, when I £ c[ d \ decision occurs by round 
d+ 1 even if there is a crash per round. In that sense, this protocol benefits from 
the best of both possible worlds (early decision and condition) . 

As indicated in the Introduction, the main difficulty in combining early de- 
cision (that comes from the fact that / is smaller than t ), and the use of a 
condition, lies in a correct handling of the possible conflict between the value 
possibly decided from the early decision mechanism and the value possibly de- 
cided from the condition. 

To keep the structure clear and makes the understanding and the proof rel- 
atively easy, we enrich the basic protocol (Figure 1) only with additional state- 
ments that do not interfere with previous statements (i.e., this means that there 
is no modification of existing statements and the new statement reads and writes 
its “own” variables). The resulting general protocol is described in Figure 2. 






The Synchronous Condition-Based Consensus Hierarchy 



11 



The additional lines are the lines 205-a, 205-b, and 205-c. These lines define 
a new local variable, namely, nbj [r] , that counts the number of processes from 
which pi has received a message during the round r (nbi[— 1] and nbi [0] are ap- 
propriately initialized for consistency purpose). A new predicate (early -deci) on 
the values of these local variables is defined. The aim of the early-deci predicate, 
namely, 



((nbi[r\ > n — r + 2) V (r > 2) A (nbi[r — 2] = nbi[r — 1])) 

is to provide early decision whenever it is possible. This predicate is made up of 
two parts. 

— Assuming that there are at most / crashes, the worst case is when there is one 
crash per round from the first round until round / (so, there is no more crash 
after round /). The aim of the first predicate, namely ( nbi[r\ > n — r + 2), 
is to ensure that no more than / + 2 rounds can be executed. As (n — f) 
processes do not crash, we have ( nbi[r\ > n — /) at any round r; therefore, 
using (nbi [r] > n — r + 2) as a decision predicate guarantees that a process 
decides at the latest at the round r = / + 2. 

— The second part of the predicate aims at ensuring termination as early as 
possible, and not only at the end of the round / + 2. This can occur when 
several processes crash during the same round. For example if / processes 
crash before the protocol execution and no process crashes later, we do not 
want to delay the decision until round / + 2. This kind of very early decision 
is ensured by the predicate nbi[i — 2] = nbi[r— 1] which states that pi received 
messages from the same set of processes during two consecutive rounds [9, 
20, 29]. When this occurs, Pi can safely conclude that it knows all the values 
that can be known (as it got messages from all the processes that were not 
crashed at the beginning of r — 1). In order to prevent a possible conflict 
between the value decided by the early decision mechanism and the value 
decided from the condition (if any), the predicate rib , [r — 2] = nbi[r — 1] must 
not be evaluated during the first two rounds. (This particular case motivated 
the first part of the predicate, namely ( nbi[r ] > n — r + 2), which works for 
any round r, but cannot ensures early decision before the round / + 2.) 

Early decision makes possible that several processes do not decide during 
the same round. So, it is crucial to prevent a process Pi to erroneously consider 
as crashed a process pj that decided in a previous round. To prevent such a 
possibility, a process pj that decides during a round r is required to execute an 
additional round after deciding, thereby informing any other process pi not to 
consider it as crashed in the rounds r' > r+ 1. In order not to overload the pre- 
sentation of the protocol, this additional round and the associated management 
of the variable nbi are not described in Figure 2. 

Theorem 6. The protocol described in Figure 2 allows the processes to decide 
in at most min(a + 1, / + 2, t + 1) rounds, where a = d if the input vector I 
belongs to c[ d ^ , and a = +00 otherwise. 




12 



Achour Mostefaoui, Sergio Rajsbaum, and Michel Raynal 



Function ED.CB^ _Consensus(vi) 

(201) Vi <— [_L, . . . , -L]; Vi[i\ <— vp, newi <— {(v,,!)}; Wi <— _L; too.much.fi <— false-, 

(202) when r = 1, 2, . . . , i + 1 do 

(203) begin_round 

(204) send (newi, Wi, too.much.fi) to pi, . . . ,p„ in that order; 

(205) if ( Wi # -L) then return (uu) end_if; 



(205)-a let nbi[r] = number of proc. from which pi received msgs during r; 

Initial values: nbi[— 1] <— (n + 1); nbi[ 0] <— n; 

(205)-b let early jdect = 

( nbi[r ] > n — r + 2) V ((r > 2) A ( nbi[r — 2] = nbi[r — 1])); 
(205)-c if ( eariyjded ) then return (min (14:)) end_if; 



(206) let rec.fromi[j]= newj set received from pj (if any), otherwise 0; 

(207) let Wi= the set of Wj values received; % Wi = {«} or {±} or{u, ±} % 

(208) let TOO.MUC H _Fi = V,- too.much.fj (‘oring” of the values received); 

(209) newi <— 0; 

(210) for_each j do for_each (x,k) € rec.fromi[j ] do 

(211) if (14 [fc] = _L) then 14 [fc] <— *; newt <— newt U {(x, k)} end_if 

(212) end_do end_do; 

(213) case (r =1) then 

(214) case (#±(14) > t — d) then too.much.fi <— true 

(215) (#±(14) < t — d) then if P(14) then Wi <— 5(14) end_if 

(216) end_case 

(217) (r >1) then 

(218) if (wi = _L A (v G 114 with v # _L)) then uu <— v end_if; 

(219) if (V = d + 1 A TOO-MUCH_Fi) then 

(220) if ( Wi # _L) then return ( uu ) else return (min(14)) end_if 

(221) end_if 

(222) end_case 

(223) end_round; 

(224) if (uii # _L) then return ( Wi ) else return (min(14)) end_if 



Fig. 2. Early Deciding Condition-Based Uniform Consensus Protocol (1 < d < t < n) 



Theorem 7. When instantiated with a condition C £ s\ d \ the protocol de- 
scribed in Figure 2 solves the uniform consensus problem. 



5 Lower Bound 

Consider the protocol of Figure 1, instantiated with the pair of parameters (P, S) 
associated with a ( t , d) S j /rac ? l -acceptable condition C. Theorem 4 states that this 
protocol has a worst case round complexity of t + 1 rounds. This is known to 
be optimal [12, 20]. Theorem 4 also states that the protocol terminates in d + 1 






The Synchronous Condition-Based Consensus Hierarchy 



13 



rounds when the input vector belongs to the condition. Assuming the input 
vector always belongs to the condition, this section proves a corresponding lower 
bound. 

We would like to prove that, given any (t, d) sync /j-acceptable condition G, 
there is no protocol that terminates in less than d + 1 rounds on all input vec- 
tors that belong to the condition. However, this is clearly not true. Consider the 
condition C = {0”}, which is trivially x- legal for every x < n. Taking d = 1, C 
is (t. 1) S j /rac ft,-acceptable, and hence, the protocol of Figure 1 always terminates 
in two rounds with input 0" (Theorem 4). But, when we assume that the input 
vector always belongs to C, there is a simple protocol that allows the processes 
to decide without executing rounds (namely, a process decides 0 without com- 
municating with the other processes!). We avoid this anomaly by working with 
(f, d)-acceptable conditions that are maximal (Definition 2): any vector added to 
such a condition makes it non (t, d)-acceptable. We have the following straight- 
forward lemma: 

Lemma 2. Let C be a (t, d) sync h- acceptable with the associated pair of parame- 
ters (P, S). Then, if a = S(I) for I € C, the value a must appear at least t — d+1 
times in I. 

As in [23, 25], it is convenient to work with a graph representation of legality. 
Given a condition C and a value of t, we associate with it a graph G^ (G, t) 
defined as follows. Its vertices are the input vectors I of G plus all their views 
with at most t — d entries equal to _L (i.e., all the views J such that 3 I £ C : J < 
I A #_l(J) < (t — d)). Two vertices Jl, <72 are connected by an edge if and only 
if Jl < J 2 and they differ in exactly one position. Notice that two vertices Jl, 1 2 
of G are connected (by a path) if their Hamming distance dist(1 1, 12) < (t — d). 
We have the following lemma [23,25]: 

Lemma 3. A condition C is (t,d) syn ch- acceptable if and only if for every con- 
nected component of G^(C,t) there is a value v that appears in every one of its 
input vectors. 

Thus, the function S of the acceptability definition identifies a value that appears 
in every one of the input vectors of a connected component. If G is a (t, d) sync h- 
acceptable condition with associated P,S, for any two vectors Jo,/i € G, we 
have that if S(Iq) ^ S(I\), then dist(Io,h) > t — d+1. This bound is tight if 
G is maximal: 

Lemma 4. If C is a maximal (t, d) sync h- acceptable condition then for any as- 
sociated pairs (P,S) of parameters, there exist two vectors Iq,I\ in C such that 
S(Iq) ^ S(Ii) and dist(Io , If) = t — d+ 1. 

The proof of our lower bound theorem uses the previous lemmas and the 
similarity notion defined below. It is fully described in [26]. From a technical 
point of view, it is based on the proof in [19] (and that proof is based on [22]). 
Lower bound and impossibility proofs for distributed algorithms are typically 
based on a notion of similarity. We use the following definition. 




14 



Achour Mostefaoui, Sergio Rajsbaum, and Michel Raynal 



Definition 5. States x and y are similar, denoted x ~ y, if they are identical , 
or if there exists a process pj such that (a) x and y are identical except in the 
local state of Pj ; and (b ) there exists a process pi / pj that is non- failed in both 
x and y (so, x and y are identical at least at Pi). 

A set X of states is similarity connected if for every x, y € X there are states 
x = xq, • • • , x m = y such that Xi ~ Xi+\ for all 0 < i < to. 

Given a state x, consider the execution extending x in which no failures occur 
after state x. Since the algorithm solves uniform consensus, then all correct 
processes must decide upon the same value in this execution. We denote this 
decision value by val(x). 

Lemma 5. Let t < n — 2, and X be a similarity connected set of states in which 
at most £ processes have failed, and assume that after k + 1 rounds every process 
has decided, for k + £ < t — 1. Then for every x, x' € X, val(x ) = val(x'). 

The following theorem states our lower bound result: 

Theorem 8. Consider an algorithm for uniform consensus with up to t failures, 
where 1 < t < n — 2, and let C be a (t, d) sync h- acceptable condition. For every 
1 < d < t there exists a run of the algorithm starting in C, in which it takes at 
least d + 1 rounds for a correct processes to decide. 

References 

1. Attiya H., and Avidor Z., Wait-Free n-Set Consensus When Inputs Are Restricted. 
16th Int. Symp. on Distributed Computing , Springer Verlag LNCS #2508, pp. 326- 
338, 2002. 

2. Aguilera M.K. and Toueg S., A Simple Bivalency Proof that t-Resilient Consensus 
Requires t + 1 Rounds. Information Processing Letters, 71:155-178, 1999. 

3. Attiya H. and Welch J., Distributed Computing: Fundamentals, Simulations and 
Advanced Topics, McGraw Hill, 451 pages, 1998. 

4. Ben Or M., Another Advantage of Free Choice: Completely Asynchronous Agree- 
ment Protocols. 2nd ACM Symposium on Principles of Distributed Computing 
(PODC’83), pp. 27-30, Montreal (CA), 1983. 

5. Chaudhuri S., More Choices Allow More Faults: set Consensus Problems in Totally 
Asynchronous Systems. Information and Computation, 105:132-158, 1993. 

6. Chandra T.K. and Toueg S., Unreliable Failure Detectors for Reliable Distributed 
Systems. Journal of the ACM, 43(2):225-267, March 1996. 

7. Charron-Bost B. and Schiper A., Uniform Consensus is Harder than Consensus. 
Technical Report DSC/2000/028, EPFL, Lausanne (Switzerland), May 2000. 

8. Dolev, D., Lynch, N. A., Pinter, S. S., Stark, E. W., and Weihl, W. E., Reaching 
Approximate Agreement in the Presence of Faults. JACM, 33(3):499-516, 1986. 

9. Dolev D., Reischuk R. and Strong R., Early Stopping in Byzantine Agreement. 
JACM, 37(4):720-741, April 1990. 

10. Dwork C., Lynch N. and Stockmeyer L., Consensus in the Presence of Partial 
Synchrony. JACM, 35(2):288-323, April 1988. 

11. Dwork C. and Moses Y., Knowledge and Common Knowledge in a Byzantine 
Environment: Crash Failures. Information Computation, 88(2): 156-186, 1990. 




The Synchronous Condition-Based Consensus Hierarchy 



15 



12. Fischer M.J. and Lynch N., A Lower Bound for the Time to Assure Interactive 
Consistency. Information Processing Letters, 71:183-186, 1982. 

13. Fischer M.J., Lynch N.A. and Paterson M.S., Impossibility of Distributed Consen- 
sus with One Faulty Process. JACM, 32(2):374-382, 1985. 

14. Friedman R., Mostefaoui A., Rajsbaum S. and Raynal M., Asynchronous Dis- 
tributed Agreement and its Relation with Error Correcting Codes. 16th Int. Symp. 
on Distributed Computing, Springer Verlag LNCS #2508, pp. 63-87, 2002. 

15. Gafni E., Round-by-round fault detectors: Unifying synchrony and asynchrony. 
17th ACM Symp. on Principles of Distributed Computing, pp. 143-152, 1998. 

16. Herlihy M.P., Wait-Free Synchronization. ACM TOPLAS, 11(1):124-149, 1991. 

17. Hurhn M., Mostefaoui A. and Raynal M., A Versatile Family of Consensus Proto- 
cols Based on Chandra- Toueg’s Unreliable Failure Detectors. IEEE Transactions 
on Computers, 51(4):395-408, 2002. 

18. Herlihy M.P., Rajsbaum S., and Tuttle M.R., Unifying synchronous and asyn- 
chronous message-passing models. 17th ACM Symp. on Principles of Distributed 
Computing , pp. 133-142, 1998. 

19. Keidar I. and Rajsbaum S., A Simple Proof of the Uniform Consensus Synchronous 
Lower Bound. Information Processing Letters, 85:47-52, 2003. 

20. Lamport L. and Fischer M., Byzantine Generals and Transaction Commit Proto- 
cols. Unpublished manuscript, 16 pages, April 1982. 

21. Lynch N.A., Distributed Algorithms. Morgan Kaufmann Pub., San Francisco (CA), 
872 pages, 1996. 

22. Moses, Y. and Rajsbaum, S. A Layered Analysis of Consensus, SIAM Journal of 
Computing 31(4):989-1021, 2002. 

23. Mostefaoui A., Rajsbaum S. and Raynal M., Conditions on Input Vectors for Con- 
sensus Solvability in Asynchronous Distributed Systems. JACM, 50(6):922-954, 
2003. 

24. Mostefaoui A., Rajsbaum S. and Raynal M., Using Conditions to Expedite Con- 
sensus in Synchronous Systems. 17th Int. Symposium on Distributed Computing, 
Springer- Verlag LNCS #2848, pp. 249-263, 2003. 

25. Mostefaoui A., Rajsbaum S., Raynal M. and Roy M., Condition-based Consensus 
Sovability: a Hierarchy of Conditions and Efficient Protocols. Distributed Comput- 
ing, 17:1-20, 2004. 

26. Mostefaoui A., Rajsbaum S. and Raynal M., The Synchronous Condition-Based 
Consensus Hierarchy. Tech Report 1584, 26 pages, IRISA, Univ. de Rennes 1, De- 
cember 2003. (http://www.irisa.fr/bibli/publi/pi/2003/1584/1584.html). 

27. Mostefaoui A. and Raynal M., Leader-Based Consensus. Parallel Processing Let- 
ters, 1 1 ( 1) :95-107, 2001. 

28. Neiger G. and Toueg S., Automatically Increasing the Fault- Tolerance of Dis- 
tributed Algorithms. Journal of Algorithms, 11:374-419, 1990. 

29. Raynal M., Consensus in Synchronous Systems: a Concise Guided Tour. 9th IEEE 
Pacific Rim Int. Symp. on Dependable Computing, pp. 221-228, 2002. 

30. Zibin Y., Condition-Based Consensus in Synchronous Systems. 17th Int. Symp. on 
Distributed Computing, Springer- Verlag LNCS #2848, pp. 239-248, 2003. 




Synchronous Condition-Based Consensus 
Adapting to Input- Vector Legality 



Taisuke Izumi and Toshimitsu Masuzawa 



Graduate School of Information Science and Technology, Osaka University 
1-3 Machikaneyama, Toyonaka, 560-8531, Japan 

{t-izumi ,masuzawa}@ist . osaka-u. ac . jp 



Abstract. This paper proposes a novel condition-based algorithm for 
the uniform consensus in synchronous systems. The proposed algorithm 
is adaptive in the sense that its execution time depends on actual dif- 
ficulty of input vectors, legality level , which is newly formalized in this 
paper. On the assumption that majority of processes are correct, the al- 
gorithm terminates within min{/ + 2 — l, t + 1} rounds if l < /, where / 
and t is the actual and the maximum numbers of faults respectively, and 
l is the legality level of input vectors. Moreover, the algorithm terminates 
in 1 round if l > t and / = 0, and terminates within 2 rounds if l > f 
holds. Compared with previous algorithms, for the case of t < n/2, the 
algorithm achieves the best time complexity in almost all situations. 



1 Introduction 

The consensus problem is a fundamental and important problem for designing 
fault-tolerant distributed systems. Informally, the consensus problem is defined 
as follows: each process proposes a value, and all non-faulty processes have to 
agree on a common value that is proposed by a process. The uniform consensus , 
a stronger variant of the consensus, further requires that faulty processes are 
disallowed to disagree (Uniform Agreement). The (uniform) consensus problem 
has many applications, e.g., atomic broadcast [2] [6], shared object [1] [7] , weak 
atomic commitment [5] and so on. However, despite of the variety of its applica- 
tions, it has no deterministic solution in asynchronous systems subject to only a 
single crash fault [4]. Thus, several approaches to circumvent this impossibility 
have been proposed. 

As one of such new approaches, the condition-based, approach is recently in- 
troduced [9] . This approach is to restrict inputs so that the generally-unsolvable 
problem can be solved. A condition represents some restriction to inputs. In the 
case of the consensus problem, it is defined as a subset of all possible input vec- 
tors whose entries correspond to the proposal of each process. The first result of 
the condition-based approach clarifies the condition for which the uniform con- 
sensus can be solved in asynchronous systems subject to crash faults [9]. More 
precisely, this result proposed a class of conditions, called d-legal conditions, and 
proved that d-legal conditions is the class of necessary and sufficient conditions 



R. Guerraoui (Ed.): DISC 2004, LNCS 3274, pp. 16-29, 2004. 
(c) Springer- Verlag Berlin Heidelberg 2004 




Synchronous Condition-Based Consensus Adapting to Input- Vector Legality 



17 



to solve the (uniform) consensus in asynchronous systems where at most d pro- 
cess can crash. More recent researches focus on application of the concept of 
conditions to synchronous systems. However, it is well-known that the uniform 
consensus problem can be solved in synchronous systems. Thus, these researches 
try to improve time complexity by introducing conditions. While it is known that 
any synchronous uniform consensus algorithm takes at least min{/ + 2,f + 1} 
rounds, where / and t is the actual and the maximum numbers of faults re- 
spectively [3], more efficient algorithms can be realized if the condition-based 
approach is introduced. For example, the algorithm proposed in [11] terminates 
within min{/ + 2, t + 1 — d} rounds if the input vector is in some d-legal condi- 
tion, and terminates within min{/ + 2,f + 1} rounds otherwise. To the best of 
our knowledge, three synchronous condition-based uniform consensus algorithms 
have been proposed [10] [11] [14]. 

We also investigate condition-based uniform consensus algorithms in syn- 
chronous systems. Especially, we focus on adaptiveness to conditions, which is 
a novel notion this paper introduces. Intuitively, the adaptiveness is the prop- 
erty that the execution time of algorithms depends on actual difficulty of input 
vectors. As we mentioned, inputs in some d- legal condition can make algorithms 
terminate early by at most d rounds. Then, roughly speaking, the value d can be 
regarded as the difficulty of the inputs. On the other hand, in [12], it is shown 
that a d-legal condition can contain a (d + l)-legal condition as a subset. This 
implies that a d-legal condition can include the input vector whose difficulty 
is lower than d. Our adaptiveness concept guarantees that such easier input 
make algorithms terminate earlier. To explain adaptiveness more precisely, we 
present an example for the d-legal condition C™ ax : The condition C“ ax consists 
of the vectors in which the largest value in the vector appears at more than d 
entries. From the result in [11], we can construct, for any fixed d , an efficient 
condition-based uniform consensus algorithm that terminates within t + 1 — d 
rounds for any input vector in C'™ ax - Now let A be such an algorithm for d — 2, 
and consider the three vectors I\ =< 0,1, 1,1,1 >, I2 =< 0,1, 2, 2, 2 >, and 
I3 =< 0,1, 2, 3, 3 >. Clearly, the vectors Ji, and I2 are in C“ ax , and thus for 
the input vectors I\ and I2, the algorithm A terminates within t — 1 rounds. 
On the other hand, since I3 is not in C'J lax , the algorithm A terminates within 
min{/ + 2,f + 1} rounds. However, from the definition, Ii is also contained in 
C l 3 iax , and J3 is contained in C[ nax . Therefore, the execution for /1 and I3 is 
expected to terminate within t — 2 rounds and t rounds respectively: This is 
what we call adaptiveness. However, in this sense, none of existing algorithms is 
adaptive. 

This paper formalizes the adaptiveness to conditions, and proposes a condi- 
tion-based uniform consensus algorithm that achieves the adaptiveness. To define 
actual difficulty of input vectors, we introduce the notion of legal condition se- 
quence and legality level. Intuitively, the legal condition sequence is a hierarchical 
sequence of the d-legal conditions. The legality level is defined for a legal condi- 
tion sequence, and represents the location of input vectors in the hierarchy 1 . In 

1 The notion of the legal condition sequence and the legality level is similar to that of 
the hierarchy and the degree proposed in [12]. 




18 



Taisuke Izumi and Toshimitsu Masuzawa 



Table 1. Comparison about worst-case round complexity between this paper’s algo- 
rithm and existing algorithms. The variable f, t, respectively represents the actual and 
maximum number of faulty processes, l represents legality level of the input vector, 
and d is the design parameter of each algorithm. 





l > t 


t>i>j 


/ > i 


Assumption 


[14] 


t + 2 - d (if l > d) 
t + 1 (otherwise) 


t + 2 - d (if l > d) 
t + 1 (otherwise) 


t + 2 - d (if l > d) 
t + 1 (otherwise) 


t < n/2 


[10] 


1 if / = 0 

2 otherwise 


min{/ + 2,4 + 1} 


min{/ + 2,4+1} 


nothing 


[11] 


2 


min{£ + 1 — d, f + 2} 
(if l > d ) 
min{/ + 2, t + 1} 
(otherwise) 


min{£ + 1 — d, f + 2} 
(if l > d) 
min{/ + 2, t + 1} 
(otherwise) 


nothing 


this paper 


1 if / = 0 

2 otherwise 


2 


min{/ + 2 — l, t + 1} 


t < n/2 



the previous example, the legal condition sequence is < C“ ax , C™ ax , ■ ■ ■ , C™ ax >, 
and the legality levels of Ji, I 2 and / 3 are respectively 3, 2, and 1. The proposed 
algorithm is instantiated by a legal condition sequence. For any input vector 
with legality level l, it terminates within min{/ + 2 — l, t + 1} rounds if l < f 
holds, within 2 rounds if l > f holds, and within 1 round if / = 0 and l > t 
holds. The comparison of our algorithm with existing algorithms is summarized 
in Table 1, where l is the legality level of input vectors, and d is the design pa- 
rameter of each algorithm. From the table, we can see that only our algorithm is 
adaptive to the conditions. Notice that our algorithm works on the assumption 
that t < n/2 holds. For the case t < n/2, our algorithm achieves the best time 
complexity in almost all cases. Only in the case that both l = d and f = t hold, 
the algorithm in [11] terminates faster. 

The paper is organized as follows: In section 2, we introduce the system 
model, the definition of problem, and other necessary formalizations. Section 3 
provides the adaptive condition-based consensus algorithm. We conclude this 
paper in Section 4. 

2 Preliminaries 

2.1 Distributed System 

We consider a round-based synchronous distributed system consisting of n pro- 
cesses P = {po,Pi,P 2 , ■ ■ ■ , Pn-ij hr which any pair of processes can communicate 
with each other by exchanging messages. All channels are reliable: each channel 
correctly transfers messages. The system is round-based, that is, its execution is 
a sequence of synchronized rounds identified by 1, 2, 3 - - Each round r consists 
of three phases: 

Send phase. Each process pi sends messages. 

Receive phase. Each process pi receives all the messages sent to Pi at the 
beginning of round r. 

Local processing phase. Each process pi executes local computation. 





Synchronous Condition-Based Consensus Adapting to Input- Vector Legality 



19 



Processes can crash. If a process pi crashes during round r, it makes no 
operation subsequently. Then, messages sent by pi at round r may or may not 
be received. We say a process is correct if it never crashes, and say “a round r 
is correct” when no process crashes during round r. There are an upper bound 
t on the number of processes that can crash. We also denote the actual number 
of crash processes by / (< t). In the rest of the paper, we assume that t < n /2 
holds. 

2.2 Uniform Consensus 

In a consensus algorithm, each correct process initially proposes a value, and 
eventually chooses a decision value from the values proposed by processes so 
that all processes decide the same value. The uniform consensus is a stronger 
variant of the consensus. It disallows faulty processes to disagree on the decided 
value. More precisely, the uniform consensus is specified as follows: 

Termination : Every correct process eventually decides. 

Uniform Agreement : No two processes decide different values. 

Validity. If a process decides a value v, then, v is a value proposed by a process. 

The set of values that can be proposed is denoted by V. Moreover, we assume 
that V is a finite ordered set. 

2.3 Legality Level 

Notations. An input vector is a vector in V", where the i-th entry represents 
Pi s proposal value. We usually denote an input vector for an execution by I. We 
also define view J to be a vector in (V U { _L})” obtained by replacing the several 
entries in I by _L (_L is a default value such that _L^ V). Let _L" be the view such 
that all entries are _L. We denote Ji < J2 if Vfc : J\[k] J\[k] = J2[k] holds. 

For two views J\ and J2 such that Ji < J2 or J2 < J\ holds, we define their 
union J = J 1 U J2 as follows: Vfc : J[k] = a J\[k] = a or J2[k) = a. For a 

vector J (G (V U {T}) n ) and a value a, # a (J) denotes the number of entries of 
value a in the vector J. For a vector J and a value a, we often describe a £ J if 
there exists a value k such that J[k] = a. Finally, for two vectors Ji and J2, we 
denote the Hamming distance between J\ and J2 by dist(Ji, J2). 

Conditions and Legality. A condition is formally defined as a subset of V”. 
First, as an important class of conditions, we introduce {d, /i)-legal conditions 2 . 

Definition 1 ((d, /t)-legal conditions) A condition C is ( d , /i)-legal (where h 
is a mapping h : C 1— > V) if h, d, and C satisfy the following properties: 

1. VIeC':# h(J) (/)>d, 

2. V/1,/2 G C : h{I\) ^ h{I 2 ) =>• dist(/i,/ 2 ) > d. 

2 The ( d , /i)-legal conditions is a subclass of d-legal conditions (the condition C is d- 
legal if there exists a mapping h such that C is ( d , /i)-legal). This difference does not 
restrict the class of condition applicable to our algorithm because our algorithm can 
be instantiated with any h. 




20 



Taisuke Izumi and Toshimitsu Masuzawa 



Intuitively, (d, /i)-legal condition is the set of input vectors / such that h(I) 
can be calculated even when at most d entries of / are lost. From the definition, 
V" can be (0, d)-legal, and (n, /i)-legal condition is only the empty set. Notice 
that (d, d)-legal condition is not uniquely determined by d and h (For instance, 
for a (d,h )- legal condition, its subset is also a (d, d)-legal condition). In recent 
researches, it is shown that (d, d)-legal conditions reduce the worst-case execution 
time of synchronous consensus algorithms. To be more precise, for any (d, Il- 
legal condition, there exists a consensus algorithm that terminates (1) within 
min + 1 — d, / + 2} rounds for input vector satisfying the condition, and (2) 
within min{/ + 2,t + 1} rounds otherwise [11]. In this sense, we can regard d 
as a characteristic value representing difficulties of input vectors in (d, d)-legal 
condition. However, from the definition, a (d, /i)-legal condition can include a 
(d + 1, d)-legal condition. This implies that a (d, d)-legal condition can include 
easier input vectors. Therefore, to define actual difficulty of input vectors, we 
introduce legality levels of input vectors as follows: 

Definition 2 (Legal condition sequence) A sequence of conditions C =< 
Co, Ci, ■ ■ ■ C n > is an h - legal condition sequence if the following properties are 
satisfied: 

- Co = V”, C n = 0, 

- Vfc (0 < k < n — 1): Ck is (fc, d)-legal and Ck+\ C Ck, 

- Vfc (0 < k < n - 1): {fiC' : C' is (k + 1, /i)-legal and C k+1 cC'C C k ). 

Definition 3 (Legality level) For a d-legal condition sequence C, the legality 
level of a input vector I is l if I € Ci and / ^ C) + i holds. 

Since C n is empty and Co is the set of all possible input vectors, for any input 
vector, its legality level can be defined necessarily. The legality level represents 
the actual difficulties of input vectors in the sense that we previously mentioned. 

Example. An example of a (d, /i)-legal condition is C'™ ax : 

C™ ax = {/ € V"|# o (-0 > d, where a is the maximum value in 1} 

The condition C“ ax is a (d, d)-legal condition defined by d and h = max. 
Moreover, it is maximal, that is, there is no (d, d)-legal condition C such that 
C“ C C [9] 3 . Therefore, for C“ ax , we can define legal condition sequence 
C max =< Co nax , C] nax , • • • >. As an example, we consider two input vectors, 

I\ =< 0, 0, 1, 3, 3 > and A =< 0, 0, 2, 2, 2 >. Both vectors are contained in C'f lax . 
However, whereas I 2 is contained in C™ ax , I\ is not. Therefore, for C max , legality 
levels of vectors I\ and I 2 are respectively 1 and 2. 

The algorithm proposed in this paper is instantiated with a legal condition 
sequence, that is the legal condition sequence (which includes the mapping h) 

3 Actually, the definition of maximality in [9] is stronger: The ( d , d)-legal condition C 
is maximal if Cu{I'} is not ( d , //(-legal for any mapping h! and input vector I' ^ C. 




Synchronous Condition-Based Consensus Adapting to Input- Vector Legality 



21 



is given and can be used in the algorithm. In all following discussions, let the 
algorithm be instantiated with C =< Co, Ci, • • • , C n >, where each Ck is ( k , /il- 
legal. In addition, we denote the legality level of an input vector / for C by 1(1). 

3 Condition-Based Consensus Algorithm Adapting 
to Legality Level 

In this section, we propose a condition-based consensus algorithm that adapts 
to the legality level of input vectors. More precisely, the algorithm terminates in 
1 round if / = 0 and 1(1) > t holds, (2)within 2 rounds if 1(1) > f holds, and 
(3) within min{/ + 2 — 1(1), t + 1} rounds otherwise. 

We present the algorithm in an incremental way: Before the presentation of 
the algorithm, we first introduce the fundamental function decode, which is used 
as the subroutine of our algorithm. Then, we propose a basic adaptive algorithm. 
This algorithm is relatively simple and easy to understand, but is not optimized 
in some points. Thus, after that, we modify the basic algorithm to obtain the 
optimized algorithm. 



3.1 Function decode 

The function decode has two arguments J and d, which are respectively a view 
and legality level. Informally, the role of the function decod e(J,d) is to obtain 
the value h(I) from J. The behavior of decode is as follows: When a process 
invokes decode( J, d), it first supposes that legality level of the input vector is d, 
and tries to construct the vector I' > J such that h(I) = h(I') holds. Notice that 
this trial may fail. If the trial succeeds, decode returns the value h(I') , where I' 
is a constructed vector. On the other hand, if the trial fails, decode re-supposes 
that legality level of the input vector is d — 1, and tries to construct again. 

The algorithm decode( J, d) is presented in Figure 1. To handle the case that 
the trial fails, the algorithm is described as the recursive function. First, the 
algorithm constructs the candidates of vector /' G Cd such that h(I’) G J and 
J < I' (line 4). These candidate vectors are stored in the variable £. If more than 
one candidate are stored, the algorithm deterministically chooses one vector (in 
Figure 1, the algorithm chooses the vector /' with the largest h(I')). For the 
chosen vector I', the algorithm returns h(I'). 



Properties of Function decode. We prove several properties of the function 
decode. Let £(J,d) be the value stored in £ immediately after the line 4 is 
processed in the execution of decode(J, d). 

Lemma 1 If £(J,d) is nonempty, the condition dist(/i,/ 2 ) < #_l (J) holds for 
any A, I 2 G £(J,d). 

Proof Since J < I\ and J < I 2 , this lemma clearly holds. □ 




22 



Taisuke Izumi and Toshimitsu Masuzawa 



1 


Function decode( J, d ) : 


2 


variable 


3 


E : init 0 


4 


£■<—{/£ C d \h(I) £ J and J < 1} 


5 


if E — 0 then retu rn (decode (J, d — 1)) 


6 


else return(max{/i(7) |7 £ E}) endif 



Fig. 1. Function decod e(J,d). 



Lemma 2 (Decode Validity) For any J y^_L" and d (> 0), the execution of 
decode( J, d) necessarily terminates, and its return value is contained in J. 

Proof Clearly, return values are included in J. We prove the termination by 
showing that decode( J, 0) is necessarily terminates. Since we assume that J y^_L n , 
£(J , 0) is necessarily nonempty (any vector obtained by replacing _L by a non-_L 
value in J is necessarily contained in £( J, 0)), and thus the execution terminates. 

□ 



Lemma 3 (Decodability) Let I be an input vector, and J be a vector such 
that J < I and #_l (J) < 1(1) holds. Then, for any value d > #_l(J), decode(J, d) 
= h(I) holds. 

Proof We consider the following two cases: 

— (Casel) When d < 1(1) holds: Then, I £ @ 1 ( 1 ) C Cd holds. In addition, 
h(I) £ J holds from #_l(J) < 1(1) < #h(i)(I)- These implies that I £ £(J , d) 
holds. On the other hand, for any vector /' £ £(J, d), dist (I', I) < #j_(J) < d 
holds from Lemma 1. Then, we obtain h(I') = h(I) because both /' and I 
are in Cd- This implies that decode( J, d) = h(I) holds. 

— (Case2) When d > 1(1) holds: We prove this case by induction for d. (Basis) 

We consider the case of d = 1(1) as the basis. It clearly holds from the 
proof of Casel. (Inductive Step) Assume as induction hypothesis that 
decod e(J,d — 1) = h(I) holds. If £(J,d) = 0 holds, decod e(J,d) returns 
the value from decode(J, d— 1). Then, decod e(J,d) = h(I) holds from the 
induction hypothesis. Thus, we consider the case of £(J, d) ^ 0. Letting I ' be 
a vector in £(J,d), dist (1,1') < #_l(J) < 1(1) holds from Lemma 1. Then, 
we obtain h(I) = h(I') because both /' and / are in C^jy This implies that 
decode( J, d) = h(I) holds. □ 

Lemma 4 (Transitivity) For any d > #_l(J), decode( J, d) = decod e(J,d+ 1) 
holds. 

Proof We consider the following three cases: 

— (Casel) When £(J, d+ 1) = 0 holds: Clearly, decode( J, d+ 1) = decode( J, d) 
holds. 





Synchronous Condition-Based Consensus Adapting to Input- Vector Legality 



23 



— (Case2) When £(J,d) = 0 holds: There exists no vector I such that J < I, 
h{I) £ J, and I £ Cd holds. Therefore, there also exists no vector I such 
that J < I, h(I) £ J, and I £ Cd+i holds, because Cd + 1 C Cd holds. This 
implies that £(J,d + 1) =0 holds. Afterward, the proof is same as Casel. 

— (Case3) When neither £(J, d) nor £(J,d + 1) is 0 : Let I\ be the vector such 

that 7i £ £(J,d) and h(I\) = decode(J, d) holds, and I 2 be the vector such 
that I 2 £ £(J,d+ 1) and h(I 2 ) = decode( J, d + 1) holds. Since both J < I 2 
and J < h holds, dist(/i, I 2 ) < #j _( J) < d holds from Lemma 1. In addition, 
the vector I 2 is also in Cd because Cd + 1 C Cd holds. From the definition of 
Cd , we can conclude h(I\) = h(l 2 ), and thus, decod e(J,d) = decode( J, d+ 1) 
holds. □ 



3.2 Algorithm ACC 

In this subsection, we propose a simple adaptive algorithm ACC. The algorithm 
is based on the well-known floodset algorithm [8] [13]. The typical floodset al- 
gorithm is as follows: Each process maintains its own view, which stores only 
its proposal at round 1. In each round, each process sends its own view to all 
processes, receives views from other processes, and updates its own view by the 
union of the current view and all received views. The primary objective of the 
floodset algorithm is to guarantee that each process has a same view after the ex- 
ecution by an appropriate round. In non-condition-based algorithm, / + 1 rounds 
is sufficient for each process to have a same view. This relies on the fact that 
f+1 rounds’ execution includes at least one correct round and the fact that each 
process have a same view at round r if a round r is correct. On the other hand, 
considering the input vector condition, / + 1 — 1(1) rounds is sufficient [11] [14] . 
In this case, at the end of round f + 1 — 1(1) , each process may have different 
views. However, then, it is guaranteed that a common value (that is h(I )) can be 
calculated from each view. Notice that the value / and 1(1) is unknown. Thus, 
the primary issues the algorithm ACC must consider is to execute the floodset 
algorithm till an appropriate round according to the value of / and 1(1). 

The behavior of ACC is as follows: The algorithm executes floodset algorithm 
as an underlying task. In each round r, each process pi supposes that legality 
level of the input vector is t + 1 — r, and estimates a decision value by executing 
decode(Jj,f + 1 — r), where Ji is the view maintained by pi . This estimation 
can be wrong, and thus, at the next round, each process checks whether its 
estimation is correct or not. More precisely, at round r- 1-1, each process pi sends 
its estimation to all processes (including itself). If all messages received by pi 
has a same estimation w, pi decide a value w. Then, each process terminates 
at round / + 2 — 1(1) or earlier. However, if a process Pj accidentally decides a 
round earlier than round f + 2 — 1(1) while another process pi decides at round 
/ + 2 — 1(1), those decision may differ. Hence, to avoid this inconsistency, we 
introduce the scheme of overwriting views into the algorithm: If pi receives more 
than n/2 messages containing a common value w, before the estimation for next 
round, it overwrites its own view by the view J from other processes such that 
decod e(J,t + 1 — r) = w holds. This implies if a process decides a value w at 




24 



Taisuke Izumi and Toshimitsu Masuzawa 



Algorithm ACC(r*) for /i-legal condition sequence and t crashes (t < nj 2) 

Code for pi\ 

1: variable: 

2: J i , Si : init _L n and Ji[i] < — Vi 

3: Si : init _L 

4: Viewsi : init <_L n , _L n , • • • , _L n > 

5: for each round r = 1,2, •••,£ + 2 do : 

6: send ( Ji,Si ) to all processes (including 

7: Let (Viewsi[j], Si[j]) be the message received from pj 

(if no message is received from pj , Viewsi[j ] =_L n ) 

8: Ji 4 — ^ Vzetysi[fc] /* Updating the view */ 

9: if r > 1 then 

10: if 3w t^-L: + #j_(Si) = n then decide(ty) and exit endif 

11: if 3w t^-L: > n/2 then 

12: Let y be a value in Si[y] ^_l_ (deterministically chosen) 

13: Ji * — Viewsi [y] /* Overwriting the view */ 

14: endif 

15: endif 

16: Si < — decode( Jj,t + 1 — r) /* Estimation of decision value */ 

17: endfor 



Fig. 2. Algorithm ACC: Adaptive Condition-based Consensus. 



round r + 1, all other processes necessarily have such a view as J at the end of 
round r + 1 because at least n — /(> n/2) correct processes necessarily sends the 
same estimation w at round r + 1. Then, all other processes are guaranteed to 
decide a value w at round r + 2 (the detail is explained in the correctness proof). 
It may be wondered that the view-overwriting scheme may prevent the floodset 
algorithm from working correctly, because the view maintained by the floodset 
algorithm can be changed. However, in this scheme, such problem never occurs: 
As we mentioned, the principle that the floodset algorithm uses is that each view 
becomes equal at the end of correct rounds. Even though the view-overwriting 
schemes is introduced, this principle is not violated at all. 

Figure 2 presents the code of the algorithm ACC for process pi. The view 
of each process Pi is maintained in the variable Ji. The variable Viewsi and 5/ 
respectively denotes views and estimations received from other processes at cur- 
rent round. The line 9-15 corresponds to the view-overwriting scheme. The line 
16 corresponds to the estimation of a decision value. Notice that the estimation 
is done after view-overwriting. 



Correctness of ACC. In this subsection, we prove the correctness of the al- 
gorithm ACC. For the proof, we define the following notations and terms: J[, 
Views^ an d respectively denote the value of Ji , Viewsi and S) at the end 
of round r. Let P r be the set of processes that neither crash nor terminate at 
the end of round r, and P c be the set of correct processes. For short, let F be 
max{2, / + 2 — 1(1)}. 

Lemma 5 (Validity) If a process decides a value w, then w is a value proposed 
by a process. 





Synchronous Condition-Based Consensus Adapting to Input- Vector Legality 



25 



Proof This lemma clearly holds from Lemma 2. □ 

Lemma 6 If a round r (1 < r < t + 2) is correct, then -J k = J k holds for any 
PhPj G P k and k > r. 



Proof We prove this lemma by induction for k. (Basis) We consider the case 
of r = k. Since round k(= r) is correct, each process in P k receives a same set of 
messages at round k. Thus, for any Pi,Pj € P k , Views} = Views} and S k = S k 
holds. Since the value of J k is deterministically calculated from the values of 
Views} and S k , J k = J k holds for any p, . pj G P k . (Inductive step) Suppose 
as induction hypothesis that J k = J k holds for some k(> r) and any Pi,Pj G P k 
(let J be the value of J k ). Since each process in P k sends a message ( J, *) at 
round k + 1 unless it crashes, for each pi, Views k+1 contains only values J and 
_L". Then, the value of J k+1 is either U"=o Vi ews } +1 [x] = J (assignment at line 
8) or J k+1 = Views}[x] = J (assignment at line 13). In any cases, J k+1 has a 
value J. This implies that J k+1 = J k+1 holds for any Pi,Pj G P k+1 . □ 

Lemma 7 If a round r (1 < r < t + 2) is correct, then every process pi G P r 
decides at round r + 1 or earlier unless it crashes by the end of round r + 1 

Proof From Lemma 6, the variable J[ has a common value (say J) for any 
Pi G P r . This implies that each process sends the same message (J, w) at round 
r + 1 (letting w = decode( J, t + 1 — r))). Then, since S',[ +1 contains only w and 
_L, each process pi(£ P r + l ) decides a value w at round r + 1. □. 

Lemma 8 (Termination) Each process pi decides a value at round max{2, /+ 
2 — 1(1)} or earlier. 

Proof If there exists a correct round r up to F — 1, the lemma clearly holds 
from Lemma 7. Thus, we have only to consider the case that every round up 
to F — 1 is not correct. Since at least one process crashes in each round up 
to F — 1(> / + 1 — 1(1)), at most 1(1) processes can crash at round 1. Then, 
#±(j[~ 1 ) < 1(1) holds for any pi G P F ~ 1 (notice that if a process pk does 
not crash at round 1, all processes receive p^s proposal at round 1, and thus, 
J[k\ holds for every view in the execution). In addition, t + 1 — (F — 1) = 
t — f + 1(1) > 1(1) > #±(J.f~ 1 ) also holds. Therefore, from Lemma 3, we obtain 
decode( jf 1 , t + 1 — (F — 1)) = h(I). Then, since every process in P F sends 
message (*,h(I)), Sf contains only h(I) and _L. This implies that each process 
Pi in P F decides h(I) at round F. □ 

Lemma 9 (Uniform Agreement) No two processes decide different values. 

Proof Let pi and pj be the processes that decide. We prove that both pi and pj 
decide a common value. Without loss of generality, we assume that Pi is the first 
process that decides. Let r and w respectively denote the round when p t decides 




26 



Taisuke Izumi and Toshimitsu Masuzawa 



and the value Pi decides. (Casel) When p 3 decides at round r: Since the process 
Pi decides a value w at round r, Sf contains only w and _L. This implies that 
every process pk £ P c sends a message (J£ -1 ,u>) at round r because no process 
in P c terminates at the beginning of round r. Then, clearly S}[k] = w holds, 
and thus pj decides w. (Case2) When pj does not decides at round r: In the 
same way as the casel, we can show that every process pk £ P c sends a message 
(Jf~ ,w) at round r. Then, since t < n/2 holds, we obtain # TO (SI) > n/2 for 
any pk £ P r ■ Therefore, each process pk overwrites its own variable Jk by a 
vector 14 such that decode(V/j, t + 1 — (r — 1)) = w holds. On the other hand, 
from Lemma 7, every round up to r — 1 is not correct because if not, pj decides 
at round r or earlier. This implies that at most / + 2 — r processes can crash at 
round 1. Hence, < / + 2 — r < t + 2 — r holds. Then, from Lemma 4, 

we obtain decode^, £ + 1 — r) = decode(V fc ',t + 1 — (r — 1)) = w. Since every 
process pk £ P r sends a message ( V/ , w) at round r + 1 (or is crashed at the 
beginning of round r + 1), S} +1 contains only w and _L for any pj £ P r+1 . This 
implies that p 3 decides a value w at round r + 1. □. 

From lemma 5, 8, and 9, the following theorem holds. 

Theorem 1 For any input vector 7, the algorithm ACC solves the uniform con- 
sensus (1) within f + 2 — 1(1) rounds if / > 1(1) holds, or (2) within 2 rounds if 
/ < 1(1) holds. 

3.3 Optimized Algorithm 

In this subsection, we introduce the algorithm ACCF, which is an optimized 
version of ACC. The algorithm ACCF terminates within the same number of 
rounds (max{2, / + 2 — 1(1)}) as ACC. In addition, it terminates within only 1 
round if 1(1) > £ holds, and within terminates within £ + 1 rounds if / = £ and 
1(1) = 0 holds. 

The idea of modification from ACC to ACCF is to add two exceptional decision 
schemes, which is called fast decision and slow decision afterward. Each scheme 
is as follows: 

Fast decision. This scheme is same as that in [10]. At round 1 if a process p 3 
gathers all proposals and recognizes that legality level of the input vector 
is greater than or equal to t, it immediately decides a value decode(Jj,£) 
(= h(I)). In this case, even though up to t processes crash, all other processes 
can calculate h(I). This implies that each process eventually decides a value 
h(I), and thus then uniform agreement is guaranteed. 

Slow decision. This scheme is that each process pi simply decides a value 
decode( Ji, 0) at the end of round £+1. Then, since there £+1 rounds contains 
at least one correct round, each process no longer has to check its estimation. 

The algorithm ACCF is presented in Figure 3. It is described as the additional 
code to Figure 2. The fast decision part (the lines 8.1 - 8.3) is inserted into the 
position after the line 8 of ACC. The slow decision part (the lines 16.1 - 16.3) is 
inserted into the position after the line 16 of ACC. 




Synchronous Condition-Based Consensus Adapting to Input- Vector Legality 



27 



Algorithm ACC('Ui) for h - legal condition sequence and t faults ( t < n/ 2) 

(Additional Code to ACC) 

Code for pi 



8.1 


if r = 1 and #±(Ji) = 0 and l(Ji) > t then 




8.2 


decide(decode( Ji , t)) and exit 


/* Fast decision */ 


8.3 


endif 




16.1 


if r = t + 1 then 




16.2 


decide(decode( Ji , 0)) and exit 


/* Slow decision */ 


16.3 


endif 





Fig. 3. Algorithm ACCF: Adaptive Condition-based Consensus with Fast/Slow deci- 
sion. 



Correctness of ACCF. In this subsection, we prove the correctness of ACCF. 
Lemmas 5, 6 ,and 7 also hold for ACCF (the proofs are same as that for ACC). 
Lemmas 8 and 9 are slightly modified as follows: 

Lemma 10 (Regular and Slow Termination) Each process p t decides a 
value at round miii{F, t + 1} or earlier. 

Proof This lemma clearly holds from Lemma 8. □ 

Lemma 11 (Regular Agreement) Let pi be the first process that decides, w 
be the decision of pi, and r be the round when pi decides (2 < r < t). Then, for 
each process pj € P r , pj decides w at round r or r + 1 unless it crashes by the 
end of round r + 1. 

Proof The proof is same as that of Lemma 9. □ 

Lemma 12 (Fast Termination) If 1(1) > t and / = 0 holds, each process p t 
decides a common value at round 1. 

Proof Since f — 0 holds, pi receives the message from every process. This 
implies that J- = I holds, and thus, pi decides decod e(J, f) at round 1 (line 8.5). 

□ 

Lemma 13 (Slow Agreement) If processes pi and p 7 decide at round t + 1, 
then, pi and pj decides a common value. 

Proof From Lemma 7, every round up to t — 1 is not correct because pi and 
Pj decide at round t + 1. Then, either round t or round t + 1 is correct. (Casel) 
Round t is correct: From Lemma 6, has same value for each pk (letting J be 
the value of J*). Then, each process in P* sends a same message (J, w) (unless 
it crashes), where w is decode(J, 1). This implies that both pi and pj decide w. 
(Case2) Round t + 1 is correct: Then, Views - +1 = V iewsj +1 and S* +1 = Sj +1 
hold. This implies that pi and pj decide a same value. □ 





28 



Taisuke Izumi and Toshimitsu Masuzawa 



Lemma 14 (Fast Agreement) (l)If a process p t decides w at round 1, each 
Pj decides w, or crashes. 

Proof Since p, decides at round 1, 1(1) > t clearly holds. Then, for any k < t 
and J such that #_l(J) < t, decod e(J,k) = h(I) = decod e(I,t) = w holds. This 
implies that pj decides w unless it crashes. □ 

From Lemmas, 11, 13 and 14, we obtains the uniform agreement property: 

Corollary 1 (Uniform Agreement) No two processes decide different val- 
ues. 

From Corollary 1, and, Lemmas 5, 10, and 12, the following theorem holds. 

Theorem 2 The algorithm ACCF solves the uniform consensus (1) within one 
round if 1(1) > t and no process crashes, (2) within two rounds if 1(1) > f, and 
(3) within min{/ + 2 — 1(1), t + 1} rounds otherwise. 

4 Concluding Remarks 

This paper considered condition-based consensus algorithms adapting to diffi- 
culty of input vectors. We formalized difficulty of input vectors as legality level, 
and proposed an adaptive condition-based uniform consensus algorithm. The 
proposed algorithm terminates within min{/ + 2 — 1(1), t+ 1} rounds if 1(1) < f, 
and within 2 rounds if 1(1) > /, where 1(1) is legality level of the input vector. 
Moreover, this algorithm terminates with one round if 1(1) > t and / = 0 holds 
(fast decision), Compared with existing algorithm, the proposed algorithm is the 
fastest in almost all cases. 

Acknowledgment 

This work is supported in part by a JSPS, Grant-in- Aid for Scientific Research 
((B)(2)15300017), and “The 21st Century Center of Excellence Program” of the 
Ministry of Education, Culture, Sports, Science and Technology, Japan. 



References 

1. H. Attiya and J. L. Welch. Sequential consistency versus linearizability. ACM 
Transactions on Computer Systems, 12(2):9H22, 1994. 

2. T. D. Chandra and S. Toueg. Unreliable failure detectors for reliable distributed 
systems. Journal of the ACM, 43(2):225-267, 1996. 

3. B. Charron-Bost and A. Schiper. Uniform consensus is harder than consensus (ex- 
tended abstract). Technical Report DSC/2000/028, EPFL, Lausanne(Switzerland), 
May 2000. 

4. M. J. Fischer, N. A. Lynch, and M. S. Paterson. Impossibility of distributed con- 
sensus with one faulty process. Journal of the ACM, 32(2):374-382, 1985. 




Synchronous Condition-Based Consensus Adapting to Input- Vector Legality 



29 



5. R. Guerraoui. Revisiting the relationship between non-blocking atomic commit- 
ment and consensus. In Proc. of 9th International Workshop on Distributed Algo- 
rithms(WDAG), volume 972 of LNCS, Sep 1995. 

6. V. Hadzilacos and S. Toueg. Fault-tolerant broadcasts and related problems. 
In S. Mullender, editor, Distributed Systems , chapter 5, pages 97-145. Addison- 
Wesley, 1993. 

7. M. Herlihy. Wait-free synchronization. ACM Transactions on Programming Lan- 
guages and Systems, 13:124-149, 1991. 

8. N. Lynch. Distributed Algorithms. Morgan Kaufmann, 1996. 

9. A. Mostefaoui, S. Rajsbaum, and M. Raynal. Conditions on input vectors for 
consensus solvability in asynchronous distributed systems. Journal of the ACM, 
50(6):922-954, 2003. 

10. A. Mostefaoui, S. Rajsbaum, and M. Raynal. Using conditions to exppedite consen- 
sus in synchronous distributed systems. In Proc. of 17th International Conference 
on Ditributed Computing(DISC), volume 2848 of LNCS , pages 249-263, Oct 2003. 

11. A. Mostefaoui, S. Rajsbaum, and M. Raynal. The synchronous condition- based 
consensus hierarchy. In Proc. of 1 8th International Conference on Distributed Com- 
puting(DISC), Oct 2004. (to appear). 

12. A. Mostefaoui, S. Rajsbaum, M. Raynal, and M. Roy. Condition-based consensus 
solvability: a hierarchy of conditions and efficient protocols. Distributed Computing, 
17(1): 1—20, 2004. 

13. M. Raynal. Consensus in synchronous systems: A concise guided tour. In Proc. of 
Pacific Rim International Symposium on Dependable Computing (PRDC), pages 
221-228, 2002. 

14. Y. Zibin. Condition-based consensus in synchronous systems. In Proc. of 17th In- 
ternational Conference on Ditributed Computing (DISC), volume 2848 of LNCS, 
pages 239-248, Oct 2003. 




Group- Solvability 

(Extended Abstract) 



Eli Gafni 

University of California Los Angeles, Dept, of Computer Science 
Los Angeles, CA 90095-1596 
eli@cs .ucla.edu 



Abstract. Recent advances in Network Attached Storage (NAS) devices 
has given rise to research on tasks in which the number of potentially 
participating processors is not known or even bounded in advance. In 
many of such situations the output of processors depends upon the group 
the processor belongs to, rather than upon the individual. 

Case in point: the renaming task in which processors dynamically ac- 
quire unique individual slots. In the group version of the renaming task, 
processors from the same group are allowed to share a slot. Sharing slots 
by processors for the same group may be applicable when processors are 
to post information and processors of the same group possess the same 
information. The difficulty in reducing the group version to the individ- 
ual version arises from the fact that in an asynchronous READ- WRITE 
wait-free model of computation, a group cannot elect a leader to acquire 
slot on the group’s behalf and post the information. 

This paper generalizes the notion of a standard task solvability to solv- 
ability by groups. It is mainly concerned with solvability by groups of 
infinite size. It shows that the notion of group solvability by infinite size 
groups is proper restriction of standard solvability by proving that the 
Immediate Snapshots task on three processors is not group solvable. The 
paper’s main technical contribution is in reducing a question about infi- 
nite size groups to finite size. It characterizes group solvability of a task 
T n over n + 1 processors via solvability by groups of size n. Finally, it 
poses a challenging lower-bound conjecture on a proposed group-solvable 
version of the renaming task. 



1 Introduction 

Consider the renaming task [1] . In this task, if the participating set is of size k, the 
task requires each of the k processors to output a unique number in the range 1 
to f(k) = 2fc — 1. The renaming task allows for dynamically assigning dedicated 
slots to processors. Suppose we allocate slots in order for processors to post 
some information in their possession: consider a situation in which processors 
that belong to the same group are in possession of the same information. In this 
case, we need only one posting per group, but we cannot elect a leader in a group 
to post its information. A possible solution is to have each slot acquired in the 
renaming be a Multi-writer Multi-Reader (MWMR) register. Have processors 



R. Guerraoui (Ed.): DISC 2004, LNCS 3274, pp. 30—40, 2004. 
(c) Springer- Verlag Berlin Heidelberg 2004 




Group-Solvability 



31 



acquire slots so that a slot is shared only by processors of the same group. Thus, 
processors overwriting each other do not alter the information. Is the renaming 
task as stated above solvable for groups? If it is not, and the range f(k) of 
numbers has to grow faster than 2k — 1 in order to render the task solvable, how 
does the growth in the size of the groups affect solvability? Does f(k) have to 
grow without bound as the sizes of the groups grow? Or is it true that beyond 
some threshold any increase in the group size does not affect solvability? Does 
the fact that the number of groups is finite but the group sizes may be infinite 
allow us to solve the problem using only finite number of MWMR registers? 

This paper answers some of these questions by introducing the notion of 
group solvability for tasks and investigating the necessary and sufficient condi- 
tions for it. A task dictates the allowed output tuples for each participating set. 
A protocol solves a task, if after executing it, each processor in the participating 
set halts with an output, and the collection of outputs constitutes an output 
tuple in the task for that participating set. We extend this notion to group solv- 
ability by equating a group with a processor and by requiring that any collection 
of outputs one from each processor in a distinct group out of the participating 
groups constitutes an output tuple for that participating groups. 

Of special interest is when a task is solvable independent of the group size. 
When a task is solvable for any group size, we call the task group-solvable. In this 
paper we are concerned with asynchronous wait-free group solvability. Our model 
of computation is the Single- Writer Multi-Reader (SWMR) Atomic-Snapshots 
model. We investigate the solvability of tasks as the group sizes grow. Our main 
result is that if a task T n on n + 1 processors is solvable for groups of size n then 
it is group-solvable. 

Yet, group-solvability in SWMR model may mean that we need larger and 
larger memory as the size of the groups grow. Another corollary of our character- 
ization is that if a task is group-solvable, it is solvable using a finite (F(n, (T n ))) 
number of Multi- Writer Multi-Reader registers. 

Related to our work is the work on group mutual-exclusion [2,3] and recent 
works on models and protocols when the number or universe of processors is not 
bounded a priori [4-6] . While the group mutual-exclusion is in the more difficult 
long-lived computation domain rather than one-shot task domain, solvability 
there is investigated in the fault-free model. While much work has been done 
with respect to wait-free solvability with unbounded number of processors, the 
group notion was not investigated in that model. Thus, this paper fills the gap. 
It investigates groups in the context of wait-free computation. 

Our first step is to show that the group-solvability notion requires special 
study. It is a proper restriction of solvability. The task of 3 processors Immediate- 
Snapshots [7] is solvable, but not group-solvable. 

We then invoke the characterization of wait-free solvability, which categorizes 
a task is solvable if and only if it is solvable in the Iterated Immediate Snapshots 
model [8,9]. Using it, we show that if a task T n on n + 1 processors is solvable 
for group sizes of n then it is solvable for any group size. However, we conjecture 
that below the threshold n, for every k there is a task 7\, which is rendered 
unsol vable if we increase the size of any group. 




32 



Eli Gafni 



This paper raises more questions than provides answers: We give a version of 
the renaming algorithm that is group-solvable. We conjecture that any restriction 
of this version (i.e., reducing /(fc)) renders the task unsolvable for groups. This 
renaming algorithm is very simple and was first proposed in [10] as an interesting 
curiosity. In addition to the challenging lower bound, having distinct algorithms 
for groups and individuals leaves open the quest for an explicit algorithm that 
will seamlessly solve renaming in a conjectured optimal slot space, as a function 
of the actual number of processors in a group that are participating, i.e. a uniform 
algorithm [5]. 

The paper is organized as follows: We first present a Model section where 
we formally define terms and introduce machinery needed here. Then we show 
that the 3 processors Immediate Snapshots task is not group-solvable. In the 
following main section we present our simulation of groups of n processor by 
infinite groups, establishing the necessary and sufficient conditions for group- 
solvability. Then in a short section we discuss group solvability of the renaming 
task, and finally we conclude with a section of open questions and conjectures. 

2 Model 

The model of distributed computation in which group-solvability studied in this 
paper, is the standard asynchronous wait-free SWMR Atomic Snapshots model 
[11]. W.l.o.g we consider only computations in which processor’s input is its 
distinct id (as we can consider distinct processor for any distinct input/processor 
pair), and the protocols are full-information [12]. Thus, an execution is an infinite 
sequence of processor IDs. The odd appearance of a processor id in the sequence 
is a WRITE while the even is a snapshot SCAN. The state of a processor in 
a position in the sequence are all the prefix compatible executions, where a 
READ commutes with READs and a WRITE commutes with WRITES. The 
distinct processors that appear in an execution comprise the participating set of 
processors in that execution. 

A task T n over processors p$, ...,p n is a relation A from vectors of processor 
IDs, to matching-size vectors of outputs. The interpretation being that in an 
execution of participating set vector Q, if processor pi appears in Q and outputs 
value Vi, then {Q,V) G A, where V is a vector V = (vi 0 , such that a 

processor’s position in Q and its output’s position in V match. 

The wait-free model requires that if a processor pi appears infinitely often 
in an execution, than eventually it outputs a value. Correspondingly, a protocol 
for T n is a partial map from a full-information state of a processor to an output 
that satisfies the requirement above. A protocol for T n is said to solve T n . 

A task is solvable in a model, if there exists a protocol in the model that 
solves it. 

Of particular interest are simplex convergence tasks [8]. A simplex conver- 
gence task SC n on processors po,...,p n is defined as follows: We are given an 
n-dimensional subdivided simplex S n . We assume that S n is colored properly 
by processor IDs such that each simplex s n G S n contains all IDs. The n + 1 




Group-Solvability 



33 



O-dimensional faces of S n are colored by distinct IDs, and each simplex on a face 
defined by a subset of the O-dimensional faces is colored only by the correspond- 
ing IDs. A subdivided simplex thus colored is called chromatic. 

The convergence task assigns to a vector of participating processors corre- 
sponding to a face F C S n all the simplexes in S n that appear on that face. 
For example, the 3-processor Immediate Snapshots SCD°2 or IS2 is depicted 
in Figure 1. If processor i, * = 1,2,3 goes solo, it returns the vertex i : i. In an 
execution of i and j i < j with the corresponding participating set vector (i,j) 
they return either (i : i, j : i,j) or (i : i,j , j : i,j) or (i : i,j , j : j), and if 
the participating set is all of them, they return any triangle, with processor i 
returning a vertex of the type i : *. 



1:1 




Fig. 1. Three Processors Immediate Snapshots. 



Let T n be a task on n+ 1 task-processors p 0 ,...,p n . Let Go, G n be groups 
of processors with \Gi\ = ki , i = 0,...,n andG, = P(o,i), •■iP(k i -i,i)- Let P be 
the participating set of processors. The participating groups is the projection 
of the participating set over the groups. A protocol for the processors in the 
groups ki-group-solve T n w.r.t. Go,...,G n if arbitrarily choosing an output of 
processors one for each participating group constitutes an output tuple in T n for 
the participating set of the task-processors that correspond to the n + 1 groups. 
The task T n is group-solvable if it is solvable w.r.t. any group size k. 



2.1 Immediate Snapshot Model 

The immediate snapshot model introduced in [13,14] is a restriction of the atomic 
snapshot model (and thus potentially more powerful) in the sense that its set of 
executions is a subset of the atomic snapshot model. It comprises executions in 
the atomic snapshot model in which each maximal run of writes is followed by a 




34 



Eli Gafni 



maximal run of snapshots by the same processors. Consequently, we can condense 
the odd-followed-by-even appearance of a processor as a single operation called 
Wr i t e Re ad ( v alue). Thus, an execution is a sequence of sets of processors. In [7], 
it was proven that immediate snapshots model can be simulated by the atomic 
snapshot model and therefore cannot solve anything not solvable in the atomic 
snapshot model. 

2.2 Iterated Immediate Snapshot Model 

A one-shot immediate snapshot is an immediate snapshot model that allows each 
processor to WriteRead only once. In the iterated immediate snapshot model, 
we have a sequence of one-shot immediate snapshot memories, Mo, M 1; .... The 
full-information protocol execution starts by pi WriteReading its input to Mq. 
It then applies the output from Mi, i > 0, as an input value (i.e., it “pretends” 
to be a processor with that id) to M t+ i, ad infinitum. 

Formally, one-shot immediate snapshot is specified as follows. Processor pi 
outputs a subset S) of the participating set P , such that 

1 ■ Pi £ ^i , 

2. Si C Sj or Sj C Si, Vpi,Pj G P 

3. pi G Sj => Si C Sj, Vpi,Pj G P 

A full-information execution in the model is an infinite sequence, each ele- 
ment of which is an ordered partition of the set of processors pi, i = 0,...,n. 
Inductively, if the local state of processor pi after its appearance in element j 
is Vij, then its local state after its j + 1 appearance is the result of inputting 
( Pi,Vij ) to a one-shot immediate snapshot with Si including all the tuples of 
processors in the j + 1 partition, which appear in the order in sets that precede 
or include p^. 

A task is solvable wait-free in the iterated immediate snapshot model if for b 
large enough, the output of pi for all i from Mj, can be mapped to an output-value 
satisfying the task. 

In this paper we use the following characterization of wait-free solvability [9] : 

Proposition 1. A task T n is read-write wait- free solvable if and only if there 
exits a bound b(T n ,n ) such that the task is solvable in b iteration of the Iterated 
Immediate Snapshots model. 

3 Three-Processor Immediate Snapshot Task 
Is Not Group- Solvable 

3. 1 The Task 

A three-processor Immediate Snapshots task is a convergence task SCD° 2 de- 
picted in Figure 1. 

Theorem 1. The three-processor Immediate Snapshots task is not group-sol- 
vable. 




Group-Solvability 



35 



Proof. The idea of the proof is simple. The set of nodes returned cumulatively by 
the groups can reside, at most, in two triangles that share a face. Otherwise, we 
will have a combination of outputs that is not a triangle. We associate triangles 
with processors as in figure 1. Then we take three simulators each simulating 
three distinct processors, one from each group, by that each simulator delineates 
a triangle. Each simulator outputs the id of the processor associated with that 
triangle. Since there are, at most two distinct output triangles, the simulators 
have solved 2-set consensus wait-free, which is impossible [8,14,13]. 

Let the simulators be Sirrii, i = 1,2, 3. Processor Sirrii executes first a mem- 
ber from group Gi and then, in an arbitrary order, two distinct members: one 
from each of the other groups. By that it delineated a triangle. It then outputs 
the value to which this triangle has been mapped. 

Obviously, if Sirrii runs alone, it will output i. If it runs just with Sirrij, it 
will output i or j. Now, if the three simulators output three distinct numbers, 
then we can choose vertices of distinct color from these three triangles to obtain 
a collection which is not a triangle - thereby contradicting solvability. Thus, we 
conclude that the three simulators will output at most two distinct numbers. But 
then their outputs constitute a solution to the three-processors 2-set consensus, 
which is impossible. 

Corollary 1 . Any non-trivial convergence task is not group-solvable. 

Obviously, the existence of a span [8] is necessary but strictly not sufficient 
for group-solvability. The next section gives a finite characterization of those 
necessary and sufficient conditions. 



3.2 Solvability with “Small” Group Sizes 

It can be seen that the Immediate Snapshot task for three processors, IS 2 , is 
not group solvable, and holds for groups of size three. That is all that we used 
in the proof above. What about group-size of two? Our characterization in the 
next section implies that IS 2 , since it is not group-solvable, is not solvable for 
groups of size 2, either. We relegate an explicit proof to the full paper. 

In general, we conjecture that for every n and k < n, there exists a task T n 
that is solvable for groups of size k but not solvable for groups of size k+ 1. Indeed, 
if we take a convergence task on I Sr and equate pi and pp+i), i = 0, 2,4, 6, to 
make it a task on 4 processors, our conjecture is that this task is solvable for 
group-size of 2 but not for group-size of 3. 



4 Necessary and Sufficient Conditions 
for Group- Solvability 

Theorem 2. Let T n be a task on n+ 1 processors, then T n is group-solvable if 
and only if it is solvable for groups Go, ...G n of size |Gi| > n, i = 0, ..., n. 




36 



Eli Gafni 



4.1 The Idea Informally 

Obviously, if T n is group-solvable then it is solvable for any finite-size groups. 
This establishes the necessity direction. 

For sufficiency, we know that the Immediate Snapshots task is not group 
solvable since it is a convergence task. Yet a variation of the Immediate Snapshot 
task, which we will call Relaxed Immediate Snapshots (RIS) is group solvable. 
This variation requires a processor^ to output a pair ( Pj,Sj ), where Pj is a 
participating processor id, and S 3 is a subset of the participating processors, so 
that the collection of pairs returned constitutes an immediate snapshots (i.e., a 
processor may output on behalf of another processor and not necessarily return 
its own immediate snap.) 

Thus, assume that T n is group-solvable. Then it is solvable for any group 
size and in particular for groups Go,...,G n , each of size n. Let processors in 
group Gj be P(o,j), ■■■ ,P( n -i,j )• We now consider how groups of size n solve T n , 
and show how infinite groups may simulate groups of size n in solving T n . The 
infinite groups simulate the Iterated Immediate Snapshot computation by pro- 
cessors P(o,o)> ■■■iP(n-i,n)- To that end, we group-solve the Relaxed Immediate 
Snapshots for the n + 1 simulated processors P(o,o)iP(o,i)i •••>P(o,ra)> with simu- 
lating group Gj starting with P(o,j)- This simulates the behavior of processors 
P(o,o)iP(o,i)> •■■iP(o,n) a t memory Mq of the Iterated Immediate Snapshots by 
solving RIS. Then a simulator processor takes output from Mo, where now cu- 
mulatively there may be only few distinct outputs, as inputs for the next mem- 
ory Mi and group-solve the Relaxed Immediate Snapshots in that memory Mi. 
Continuing this way, we reach memory M b , where we have an output, therefore, 
for at least one processor out of simulated processors P(o,o),P(o.i)i •••>£'( o,n), sa y 
P(o,j) ■ Processors in group Gj can now adopt an output from M b and drop out 
of the computation! 

How do we continue? Since in the Relaxed Immediate Snapshot a processor 
obtains an output on behalf of possibly another processor, it may be that all 
the simulating groups “simulated” a single processor, P(o,j)- To get an output 
for itself, after a processor of group G k simulate a processor to M b , it observes 
whether it can obtain an output for itself, and if not, it now inserts processor 
P{i,k) hrto the computation, so that there is a guarantee that it can simulate a 
processor that does not belong to a group for which an output has been obtained. 

To this end, after a simulator p t simulated some processor from Gj at M b , 
it posts the output and view for the processor. It then take a snapshot of the 
posted outputs, and posts that snapshot. A simulator group terminates if its 
output is the intersections of all these output vectors. A simulator continues to 
the next stage “suspecting” that groups that correspond to the largest posted 
snapshot, have terminated. 

Thus, when simulating p( l k ) we go to a new stage. We take a “fresh” copy 
of Mo, Mi,..., Mb where all the processors P(i,*) will be simulated. Yet, to be 
consistent to what was simulated in the first copy of Mq, Mi, ..., M b , after in- 
serting P(i : k) , to level 2(n+ 1) of M 0 , simulator p k first drops all the processors in 
P(o,o) , P(o.i) ) - - -, P(o.n) to their appropriate levels according to the views of outputs 




Group-Solvability 



37 



observed in the previous Mb- Only after finishing pushing these processors down 
to full levels, does it start pushing down simulated processor P(i t k)- The idea 
being that if P(i t k) gets to a full level and cannot be continued to be simulated, 
as explained below, there is some at a level above it that can be simulated. 

Thus, at each stage at least one group drops out of the computation, so a the 
worst we need n stages (since in the last n+ 1 stage a group is simulating alone, 
and therefore just need to pick out an output compatible with all the outputs it 
has observed in the n’th stage.). 

We now elaborate on the building blocks used in the sketch above. 

We introduce the relaxed Immediate Snapshot Task III S n on processors 
PO,-;Pn- 

Let P be the participating set. processor pi returns a pair ( pj , Sj) such that: 

1. pj £ P, and Sj C P, 

2. ii pi returns ( Pj,Sj ), and pi returns (pk,Sk), then Sj C Sk or Sk C Sj. 

3. if k € Sj then Sk C Sj. 

Lemma 1. RIS n is group-solvable. 

Proof. A generalization of the lemma is to say that any “colorless” convergence 
task, i.e., one in which processors converge to a simplex, but in which a processor 
may return vertex of different color then its color, is group-solvable. A way of 
proving this is to show that colorless convergence on the barycentric-subdivision 
[15] is solvable, and then invoke the Simplicial Approximation Theorem [15]. 
But this will amount to rather an existence proof. Here we strive for an explicit 
distributed algorithm: 

We prepare n- 1-1 levels , level n + 1 down to level 1. Each level i contains n- 1-1 
pairs of MWMR registers (CG^j^CR^j)), i,j = 0,...,n, (CellGreen,CellRed) 
all initialized to _L. 

At level i a processor from group Gj sets CG^ jj to 1. It then takes a snapshot 
of the level and counts for how many registers CG^k) are set to 1. If it is less 
then i, defined as observation that the level is not full , it signals it intends to 
continue down to level i — 1 by setting CR^jj to 1. It then takes another snapshot 
to observe whether the level has now become full due to other processors’ arrival 
to the level. If the level is not full, the processor continues, inductively, to level 
i — 1. 

If, at any of the two snapshots, it observes level i as full, the processor 
stops. We argue that there exists at least one index l such that CG ^ = 1, and 
CR(ij) = J-. Indeed, consider the last CG that was set to 1. All the processors 
writing this register will observe the level as full and will not continue on to set 
CR(i t k) to 1. The processor then returns ( pi,Si ), where Si is the set of processors 
Pk such that CG(i t k) = 1 . 

The algorithm starts with processors beginning at level n + 1. 

Standard inductive argument shows that \Si\ = i, i.e., the number of sim- 
ulated processors arriving at level i is at most i. Furthermore, if a processor 
in group Gj returns (pi, Si) at level i, then no processors from group Gi will 
continue to level i — 1. That follows since the processor from group Gj observes 




38 



Eli Gafni 



the level full and CR = _L. If processor from group Gi will later set CR^i) 
to 1, then since no 1 is ever changes to _L, it will also observe the level full, and 
stop. 

Finally, to see that the sets are related by containment, notice that for simu- 
lated processor k to go to levels below i, CG^k) must be set to 1. Since CG^k) 
cannot be set from J_ to 1 after the level was observed as full, it must be 1 in 
any observation of the level as full, and therefore it will be returned in Si. Thus, 
the Immediate Snapshots relation between returned pairs is satisfied. 

The other building block we need to consider is the Relaxed Immediate Snap- 
shots with Immediate Snapshot Inputs. Let A and B be two distinct set of pro- 
cessors each of size n, and assume processors in A are to solve the RIS over 
processors in A, but yet, each processor in A has a snapshot of processors from 
B as inputs. Among the participating processors, let ISb be the smallest in- 
put snapshot from B. Participating processors in A have to output a relaxed 
immediate snapshot of processors from A that are compatible with ISb ■ The 
way to solve this problem is for processors to first go down the level of the IS 
implementation, pushing down first “token” for processors from B in their input 
ISb until they get to a full level or until they get to the level of the input ISb- 

5 Renaming 

The Renaming Task [1] has different versions. The version RN n we consider here 
is specified by a function RN(i), i = 1, ..., n + 1 which requires processors in a 
participating set of size i to a acquire a unique slot in the range 1 to RN(i). It 
was shown [8] that the function RN(i ) = 2i — 1 is solvable, while any function 
that minorizes it at any point is not. We conjecture that RN(i) = 2i — 1 is not 
group solvable, while we show that the function RN(i) = i(i+l)/2 is. 

The algorithm that solves RN(i ) = i(i+ 1)/2 appears in [10]. Here, we adapt 
it to groups. Processors take group-snapshots. We set MWMR registers each 
dedicated to a group, initialized to J_. A processor at group Gj sets its register 
to 1, and double scans until success. Let it return a set Sj. Lets the rank of 
Gj within the group IDs in Sj be k. It then acquires slot |Sj|(|Sj| — l)/2 + k. 
Since two processors which have the same-size snapshot have the same snapshot, 
the correctness of this algorithm is obvious: Processors that obtain snapshot of 
size | S'* | acquire slots in | Si | ( | Si | — l)/2 + 1 to |Sj|(|Si| — l)/2 + |S,|. It is clear 
that processors of the same-size snapshot do not collide; the same is true for 
processors from different snapshots since each snapshot size is allocated it own 
slots. 

Let n be n >> c; then, for groups of size c we can employ the original 
renaming algorithm from [] . In that algorithm, a processor tries to capture a slot 
by raising a flag for that slot and observing whether collision with other flags 
at the slot has occurred. If no collision(s) has occurred, the processor takes the 
slot. Otherwise, it removes its flag and raises it anew for the fc’s free slot, where 
k is its rank among the participating processors. It can be easily seen that that 
algorithm will work if the ranking is performed by group rank rather than by 




Group-Solvability 



39 



processor rank. Thus, the number of slots we need at the most for n classes is 
cn + (n — 1) << n(n + l)/2. This algorithm is also adjusting to the number of 
the processors in a group that actually participate. 

Thus, it opens the quest for a seamlessly adjusting renaming protocol, that 
on the one extreme will require, at most, 2i — 1 slots (when there are exactly 
i participating processors from distinct groups), and on the other hand will 
require, at the most, i(i + 1)/2 slots when the number of participating processors 
from the participating groups grows without bound. 

6 Conclusion 

This paper opens a new line of research, that of group-solvability. This paper 
established the first two results: (1) group-solvability is distinct from solvability, 
and (2) beyond a threshold, solvability of group-size k implies solvability for 
group-size k + 1. What happens in between these two extremes is not clear. 

Our notion of group-solvability can be construed as the “for-all” version: a 
version the requires correctness of all combinations of outputs. With one from 
each group, the outputs constitute an output tuple. We may also consider the 
“there exists” version of the problem: there exists a representative from each 
group so the the combination of outputs is an output tuple. We conjecture that 
the two notions are equivalent; i.e., every task solvable for the latter notion is 
solvable for the former. 

Thus, it leaves more question than answers: 

1. Is n tight? Perhaps a better characterization of group-solvability is that if a 
task is solvable for group sizes n — 1 then it is group solvable. 

2. Is the “there exists” notion of solvability equivalent to the “for all”? 

3. As the number of group grows how should the range RN(i) grow to make 
renaming group-solvable? 

4. Is there a uniform algorithm [5] for group-solvable space-optimal renaming? 

Finally, earlier drafts of this paper argued the main result using algebraic 
topology. It only later occurred to us that since the duality between algebraic 
topology and distributed algorithm goes both ways there may be a way to argue 
the result strictly algorithmically. Nevertheless, the first glimpse of why the result 
may hold was motivated completely by topological reasoning. And perhaps that 
is the way it should be. 

Acknowledgement 

Part of this work was conducted while visiting EPFL Lausanne. I am in debt 
to Rachid Guerraoui, Bastian Pochon, and Petr Kouznetsov, for many hours of 
discussion and even more hours of jogging. 




40 



Eli Gafni 



References 

1. H. Attiya, A. Bar-Noy. D. Dolev, D. Roller, D. Peleg, and R. Reischuk, “Achievable 
Cases in an Asynchronous Environment,” in Proceedings of the 28th Symposium 
on Foundations of Computer Science, pp. 337-346, 1987. 

2. Y. .loung, “Asynchronous group mutual-exclusion,” Distributed Computing, vol. 13, 
pp. 189-206, 2000. 

3. V. Hadziiacos, “A note on group mutual-exclusion,” in Proceedings of the 20th 
ACM Symposium on Principles of Distributed Computing, pp. 100-106, 2001. 

4. M. Merritt and G. Taubenfeld, “Computing with infinitly many processes,” Pro- 
ceeding of the lfth International Symposium on Distributed Computing: LNCS 
1914, PP- 164-178, Oct. 2000. 

5. E. Gafni, “A simple algorithmic characterization of uniform solvability,” Proceed- 
ings of the 43rd A nnual IDEE Symposium On Foundation of Computer Science 
(FOCS2002), pp. 228-237, 2002. 

6. G. Chockler and D. Malkhi, “Active disk paxos with infinitely many processes.” 
in In Proceedings of the 21th ACM Symposium on Principles of Distributed Com- 
puting (PODC 2002). pp. 78-87, 2002. 

7. E. Borowsky and E. Gafni, “Immediate Atomic Snapshots and Fast Renaming,” in 
Proceedings of the 12tli ACM Symposium on Principles of Distributed Computing, 
pp. 41-51, 1993. 

8. M. Herlihy and N. Shavit, “The topological structure of asynchronous computabil- 
ity,” Journal of the ACM, vol. 46(6), pp. 858-923, 1999. 

9. Eh Borowsky and E. Gafni, “A simple algorithmically reasoned characterization of 
wait-free computations,” PODC97, pp. 189-198, 1997. 

10. A. Bar-Noy and 1). Dolev, “Shared-memory vs. message-passing in an asynchronous 
distributed environment,” PODC 1989, pp. 307 318, 1989. 

11. Y. Afek, H. Attiya, D. Dolev, E. Gafni, M. Merrit, and N. Shavit, “Atomic Snap- 
shots of Shared Memory,” in Proceedings of the 9th ACM Symposium on Principles 
of Distributed Computing, pp. 1-13, 1990. 

12. G. Frederickson and N. Lynch, “Electing a Leader in asynchronous Ring,” Journal 
of the ACM, vol. 34, no. 1, pp. 98-115, 1987. 

13. E. Borowsky and E. Gafni, “Generalized FLP Impossibility Result for t- Resilient 
Asynchronous Computations,” in Proceedings of the 25th ACM Symposium on the 
Theory of Computing, pp. 91 -100, 1993. 

14. M. Saks and F. Zaharoglou, “ Wait-Free fc-Set Agreement is Impossible: The Topol- 
ogy of Public Knowledge,” in Proceedings of the 26th ACM Symposium on the 
Theory of Computing, pp. 101 110, 1993. 

15. E. H. Spanier, Algebraic Topology. Springer- Verlag, New York, 1966. 




The Notion of Veto Number 
and the Respective Power of OP and OS 
to Solve One-Shot Agreement Problems 



Roy Friedman 1 , Achour Mostefaoui 2 , and Michel Raynal 2 



1 Computer Science Department, Technion, Haifa 32000, Israel 
2 IRISA, Campus de Beaulieu, 35042 Rennes Cedex, France 
roygcs . technion . ac . il, {achour, raynal}@irisa . f r 



Abstract. Unreliable failure detectors are abstract devices that, when added to 
asynchronous distributed systems, allow to solve distributed computing problems 
(e.g.. Consensus) that otherwise would be impossible to solve in these systems. 
This paper focuses on two classes of failure detectors defined by Chandra and 
Toueg, namely, the classes denoted OV ( eventually perfect ) and OS ( eventually 
strong). Both classes include failure detectors that eventually detect permanently 
all process crashes, but while the failure detectors of OV eventually make no 
erroneous suspicions, the failure detectors of OS are only required to eventually 
not suspect a single correct process. 

In such a context, this paper addresses the following question related to the com- 
parative power of these classes, namely: “Are there one-shot agreement problems 
that can be solved in asynchronous distributed systems with reliable links but 
prone to process crash failures augmented with OV , but cannot be solved when 
those systems are augmented with OST Surprisingly, the paper shows that the 
answer to this question is “no”. An important consequence of this result is that 
OV cannot be the weakest class of failure detectors that enables solving one- 
shot agreement problems in unreliable asynchronous distributed systems. These 
results are then extended to the case of more severe failure modes. 

Keywords: Agreement Problem, Asynchronous Distributed System, Consensus, 
Computational Power, Input Vector, One-Shot Problem, Process Crash, Unreli- 
able Failure Detector, OV, OS, Veto Number. 



1 Introduction 

Context of the study. The design and implementation of reliable applications on top of 
asynchronous distributed systems (sometimes called time-free asynchronous systems) 
prone to process or link failures is a difficult and complex task. One of the main issues 
one has to cope with lies in the impossibility of correctly detecting process crash fail- 
ures in those systems. In such a context, some problems become very difficult or even 
impossible to solve. The most famous of these problems is the Consensus problem. It is 
known that there is no deterministic solution to Consensus in asynchronous distributed 
system if a single process (or more) may crash [16]. 

Overcoming the impossibility result associated with the Consensus problem re- 
quires augmenting the underlying asynchronous system with additional assumptions. 

R. Guerraoui (Ed.): DISC 2004, LNCS 3274, pp. 41-55, 2004. 

© Springer- Verlag Berlin Heidelberg 2004 




42 



Roy Friedman, Achour Mostefaoui, and Michel Raynal 



Those are often related to synchrony. That is, they often state, in some way or another, 
“timing” assumptions that make the system no longer purely time-free, thereby allowing 
us to solve Consensus in those augmented systems (e.g, systems with partial synchrony 
[1 1], or minimal synchronism [14]). 

A more abstract approach to circumvent impossibility results was introduced by 
Chandra and Toueg who have introduced the concept of an Unreliable Failure Detector 
[5]. All the synchrony or timing assumptions are hidden in the implementation of a 
failure detector that appears to the upper layer as a set of abstract properties. From an 
operational point of view, a failure detector can be seen as an oracle made up of a set 
of modules, each associated with a process. The failure detector module attached to a 
process provides it with a list of processes it suspects of having crashed (so, the output 
of a failure detector module is bounded). A failure detector can make mistakes by not 
suspecting a crashed process or erroneously suspecting a non crashed process. To be 
useful, a failure detector cannot be allowed to behave in a completely arbitrary way. So, 
its possible behaviors are defined by properties that restrict the mistakes it can make. 
In their seminal paper [5], Chandra and Toueg introduced several classes of failure 
detectors, each class being defined by two abstract properties, namely a Completeness 
property and an Accuracy property. Completeness specifies the ability to detect crashes, 
while accuracy restricts erroneous suspicions. 

As defined and advocated by Chandra and Toueg [5], the failure detector approach 
is particularly attractive. This is because failure detectors are not defined in terms of 
a particular implementation involving network topology, message delays, local clocks, 
etc., but in terms of abstract properties related to the detection of failures. The fail- 
ure detector approach favors a modular decomposition that not only simplifies protocol 
design but also provides general solutions. More specifically, during a first step, a pro- 
tocol is designed and proved correct assuming only the properties provided by a failure 
detector class. So, this protocol is not expressed in terms of low-level parameters, but 
depends only on a well defined set of abstract properties. The implementation of a fail- 
ure detector FD of the assumed class can then be addressed independently: additional 
assumptions can be investigated and the ones that are sufficient to implement FD can 
be added to the underlying distributed system in order to get an augmented system on 
top of which FD can be implemented. With this, FD can be implemented in one way 
in some context and in another way in another context, according to the particular fea- 
tures of the underlying system. It follows that this layered approach favors the design, 
the proof and the portability of protocols. 

V, OV , and OS are three classes of Chandra-Toueg’s failure detectors that define a 
hierarchy. V is the class of perfect failure detectors, i.e., those that never make a mis- 
take: a process that crashes is suspected (completeness) and a process is not suspected 
before it crashes (accuracy). It has been shown that V is the weakest class of failure 
detectors that enables solving the Interactive Consistency problem in asynchronous dis- 
tributed systems prone to process crash failures [21]. Interactive consistency [27] is a 
one-shot agreement problem (so, each process proposes a value) such that each correct 
process 1 decides a vector (termination), and no two processes decide different vectors 
(agreement). The decided vector has one entry per process and each entry contains ei- 

1 A correct process is a process that does not crash; otherwise, it is faulty. See Section 2. 




The Notion of Veto Number 



43 



ther the value proposed by the corresponding process or a default value _L. Moreover, if 
a process is correct, its entry in the vector cannot be _L (validity). 

The class OV contains all the failure detectors that, after some unknown but finite 
time, no longer make mistakes. This means that those failure detectors can behave ar- 
bitrarily during a finite period, but that period terminates and then the failure detector 
behaves as a failure detector of the class V. This class of failure detectors is called the 
class of eventually perfect failure detectors. It has been shown that, among the classes 
of failure detectors that outputs lists of suspects, OV is the weakest class that allows to 
solve the Quiescent Reliable Communication problem [1]. This problem is a one-shot 
communication problem that consists of achieving reliable communication with quies- 
cent algorithms despite lossy links and process crashes. Quiescence means here that, at 
the protocol level, the sending (or broadcast) of each application message must generate 
only a finite number of protocol messages in spite of link or process failures. 

The class OS contains all the failure detectors that, after some unknown but finite 
time, suspect all processes that crash and do not suspect one correct process. It is impor- 
tant to notice that failure detectors of this class can make an infinite number of mistakes 
by repeatedly suspecting correct processes. There is only a single correct process that 
from some point on should never be suspected and this can start only after an arbitrary 
finite time. This class of failure detectors is called the class of eventually strong failure 
detectors. It has been shown that OS is the weakest class of failure detectors that al- 
lows to solve the Consensus problem, assuming a majority of correct processes [4]. In 
the Consensus problem, each process proposes a value, and all correct processes have 
to decide a value (termination), such that a decided value is a proposed value (validity) 
and no two processes decide differently (uniform agreement). As a counter example, the 
Atomic Broadcast problem is both a communication problem and an agreement prob- 
lem, but it is not one-shot. It is a communication problem because it allows processes 
to reliably broadcast messages, and it is an agreement problem because it requires that 
the processes agree on the same message delivery order. Yet, it is not one-shot, as it is a 
continuous problem that can be solved by repeated Consensus invocations [5]. 

Motivation and content of the paper. In this paper we are interested in asynchronous 
distributed systems made up of n processes communicating through reliable links, but 
where up to / (< n — 1) processes may crash. Moreover, we are interested in one-shot 
agreement problems. The Consensus problem, and the interactive consistency problem 
are examples of one-shot agreement problems (each process is assumed to propose a 
value). 

Although OS appears to be weaker than OV (yet, most implementations of OS in 
fact attempt to provide OV), an interesting problem concerns the computational power 
of those classes of failure detectors. On one hand, up to date, no one has exhibited a 
one-shot agreement problem that can be solved with OV and cannot with OS. On the 
other hand, the properties defining OS are weaker than the ones defining OV. Hence 
the following fundamental question: 

“ In asynchronous distributed systems with reliable links but prone to process 
crash failures, are there one-shot agreement problems that can be solved when 
those systems are augmented with OV, but cannot be solved when they are 
augmented only with OS 7’ 




